Maybe, maybe not. as
tilly notes above, some DHCP servers refresh the address very frequently and it could be the case that the IP would change during one session even. If all they need is the cookie, then you may be fine as in the time that the whole process takes place the cookie is made and they have it and all is well. If the IP is validated in any way, it could change, and therefore invalidate the session. If it is not validated, you could argue that it's prone to spoofing if the cookie is intercepted in transit. The other problem is the case where the DHCP server changes the IP in the middle of the initial validation, then you're really screwed.
I worked with security products at a previous company, and, in every case, when they depended in any way on IPs, even the slightest, there were always problems with DHCP. it's a PITA for sure =)
"A man's maturity -- consists in having found again the
seriousness one had as a child, at play." --Nietzsche
