More common is to set a cookie or something similar with a unique code you generate when they log in and compare against your log... maybe even have it change every once in a while or every page, depending on your wish for secure-ness. Also good to expire the code after a certain amount of non-use...

of course, your way would work in most cases. Except for many users behind a firewall showing the same ip, maybe... it would work, but it's not the preferred way.
                - Ant