I probably misunderstand your point, because I’m about to say something obvious. Requests that belong to the same session are not guaranteed to be sequential in any meaningful way.
The check you are talking about would have to check the session against SOMETHING. Something more specific than a single secret. I.e., a piece of server-side data that maps to the session. Which kills the rationale behind session-based cookies, no?
So, it looks like cookie-based sessions would only work for the same scenarios where “Remember my login on this computer” option without an opt out is acceptable.