On the Zend Developer Zone there's a new tutorial for those using the Zend Framework (and more specifically the Zend_Auth component) on a way that you can prevent identity theft in validating your users.

As I am building my applications, I always try to improve the code I write in some way. Today I thought about the security issues of any PHP application that uses an authenticating system. [...] There is one particular issue that bugged me for some time. The Identity theft - Broken account and session management issue. Why can one so easily still my session id cookie and suddenly gain access to my account in one particular web application?

He shares a class he's developed as a guideline to help your application automatically test to ensure that the information being given by the user is valid. It checks a security level and validates against the user agent and remote IP of the user to ensure they match. These two criteria might not always be the best choices, but it gives you a push in the right direction.

Code is also included to show how to integrate it into your Zend Framework application by loading it into your base controller and using the "hasIdentity" and "hasSecureIdentity" methods to check the user's credentials.