I'm getting an "80006 Session not found for ip=(ip), token=(token)" error.

This error only surfaces when the code is being used on a mobile device where the source IP address may change with each request. When the same code is run on a machine where the source IP does not change, all is well.

Is the IP of the requesting machine taken into account when the login occurs and the session token is returned? That would be bad news for mobile apps.

If it does take the IP into account, is there a workaround? If not, what else could be the problem?

This is to be expected in mobile applications since they can change IP Addresses every time they switch to a new carrier or a new tower even.  For our .Net mobile test applications it has been the norm to request a new session when the IP Address changes (When you get this error)

We want to stress that IP restriction is used to prevent hijacking sessions by adding one additional hurdle for anyone trying to get your session.  If your curious about the security implementation please check out the white paper on the main site at:

http://www.nirvanix.com/pdfs/SecurityOnDemand.pdf

Regards,
     Barry R.

Depending on the mobile network you are going through, it can switch on every request - thats what is happening in my application. Even if I make a request to retrieve a new session ID, its likely unusable for the next request. In standard usage scenarios, I would want it to consider IP when returning a session token. But in this case, its working against me (it could also be a problem with some web farms). The only work around I can think of is to proxy it through a server, but that would (unfortunately) make me put up a go-between which I'd have to host.

Do you foresee an option on this in the future?

 I have sent you an email with some additional information that may help including a custom solution to your issue.

Regards,
     Barry R.