PHP - What techniques should we use to prevent login with the same cookies?
I want to create a login page with a captcha code in PHP. After the user has entered the username, password and captcha code, they are logged in. After that, the session is stored in cookies. If I export these session cookies, import them into a command-line browser such as wget or elinks, and modify the User-Agent header (changing it to the same browser that logged in once before), I can log in without entering the username and password, and make a loop that refreshes a page in the application 10000000 times, which creates useless processing on the server. How can I prevent this condition? One solution I thought of is to store $_SERVER['REQUEST_URI'] in the DB and increment a counter on each refresh; if it hits more than 50 times in an hour, detect an attack. Is there a solution to prevent this?
Edit: It works with the parameter: session_regenerate_id(true);
To prevent this you can use the session_regenerate_id() function. This function can be used to regenerate/change the session ID of the current session. It might be useful if, for example, you want to refresh the session ID every 10 minutes or after changing the state of authenticity of the user associated with the session.
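An added example (not code from the question or the answer) that combines the answer's session_regenerate_id(true) with the 50-hits-per-hour counter the question proposes, kept in the session instead of a database. The constants, the function names and the on_login_success() hook are hypothetical, and the site is assumed to be served over HTTPS.

```php
<?php
declare(strict_types=1);

const REGEN_INTERVAL = 600;  // rotate the session ID every 10 minutes
const MAX_HITS       = 50;   // threshold taken from the question
const WINDOW         = 3600; // one hour, in seconds

// Issue a new session ID when forced (login state changed) or when the ID is too old.
function rotate_session_id(bool $force = false): void
{
    $now = time();
    if ($force || $now - ($_SESSION['id_issued_at'] ?? 0) >= REGEN_INTERVAL) {
        session_regenerate_id(true); // true: delete the old session, so an exported cookie stops working
        $_SESSION['id_issued_at'] = $now;
    }
}

// Count requests for this session in a fixed one-hour window.
function within_rate_limit(): bool
{
    $now = time();
    if ($now - ($_SESSION['window_start'] ?? 0) >= WINDOW) {
        $_SESSION['window_start'] = $now;
        $_SESSION['hits'] = 0;
    }
    return ++$_SESSION['hits'] <= MAX_HITS;
}

// Hypothetical hook: call it once user, password and captcha have been verified.
function on_login_success(int $userId): void
{
    rotate_session_id(true); // change of authentication state
    $_SESSION['user_id'] = $userId;
}

// Assumption: HTTPS only, so the cookie can be marked Secure.
session_start([
    'cookie_httponly' => true,
    'cookie_secure'   => true,
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true, // reject session IDs the server did not issue
]);

if (!within_rate_limit()) {
    http_response_code(429);
    exit('Too many requests');
}
rotate_session_id();
```

The counter is tied to the session, so it caps refreshes made with one exported cookie; requests that arrive without a session cookie start a new session each time and need a limit keyed on something else, such as the database counter the question describes.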