LTM/ASM Prevent session hijacking using an iRule
This is most likely not something you actually need to do. If someone managed to perform some man-in-the-middle attack or hijack a client system then very little you do on your side would be able to identify this to block access.
First, you will have SSL/TLS (make this as strong as you can, highest protocol and cipher suite etc.) so the cookies and values will not be visible outside of the secure SSL/TLS connection.
The other issue with this is users' IP addresses do change, so if you lock each session to the source IP at login you are likely to find you will incorrectly kick out user sessions.
Finally, if you really need this to be secure I would look at F5 APM to provide additional security and authentication. For example, you could have APM perform client-side checking to ensure things like AV is running and up to date or even run an SSL VPN from client to APM to help mitigate the risk of a session being hijacked.
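The false-kick-out concern in the reply above can be measured before anyone decides to enforce anything. The iRule below is an added example, not code from the thread or from F5: it only logs when a session cookie shows up from a new source address. The cookie name `JSESSIONID`, the subtable name `sess_ip` and the 1800-second idle timeout are assumptions to replace with the application's own values.

```tcl
# Added example: log-only check of session cookie vs. client IP.
# It never rejects a request; it records how often a session's source
# address changes so the false-positive rate can be seen first.
when RULE_INIT {
    set static::sess_cookie "JSESSIONID"   ;# assumed session cookie name
    set static::sess_idle   1800           ;# assumed idle timeout in seconds
}

when HTTP_REQUEST {
    set sid [HTTP::cookie value $static::sess_cookie]
    if { $sid eq "" } { return }

    # "sess_ip" is a hypothetical subtable name chosen for this example
    set seen_ip [table lookup -subtable sess_ip $sid]
    set now_ip  [IP::client_addr]

    if { $seen_ip eq "" } {
        # First request carrying this session ID: remember its source address
        table set -subtable sess_ip $sid $now_ip $static::sess_idle
    } elseif { $seen_ip ne $now_ip } {
        # Source address changed mid-session. Log a hash of the session ID,
        # never the ID itself, then track the new address.
        log local0.notice "session-ip-change sid_hash=[b64encode [sha256 $sid]] old=$seen_ip new=$now_ip path=[HTTP::path]"
        table replace -subtable sess_ip $sid $now_ip $static::sess_idle
    }
}
```

Each `session-ip-change` log line is a session that a strict source-IP lock would have terminated, so counting them over a normal traffic period shows how many legitimate users would be affected.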