Among the needs in our Joomla after sales admin session would be to scribe anyone's IP inside the cookie to avoid replay attacks. Basically implemented SSL for that admin session, would this solve this problem?

presuming you possess an ssl cert for that domain, it would be rather simple of enabling the necessity within the GlobalConfig.

Or you might just adjust the way your session is handled (file versus db) and lenght.