Not really in terms of generally available and reliable metrics, no. There are headers like X-HTTP-FORWARDED-FOR sent out by Proxies sometimes, but any self-respecting router won't tell the server which of its clients is accessing it.
I think the best you can do is a combination of
- Session cookie
- User Agent string
I wouldn't check for the IP address, first for the reason you mention, and second because some ISPs like AOL for example use proxies that can have the same client's IP change multiple times during the same session.
A "soft" security measure that comes to mind is Geolocation. If the same session cookie is being used by an IP in, say, Paris, France, and at the same time (or just an hour later) by one located in Sydney, Australia, it is possible that something shady is going on. I'm saying "possible" because there are conceivable legitimate scenarios for this - for example, an Australian in Paris switching over to their company VPN.
If you're really a lot about security, you could build something that triggers some alarm bells in such a case, or asks the user a secret question or something. There are a number of Geolocation providers, e.g. MaxMind or Geobytes. I think stuff like this is what the big leagues, global sites like Amazon, PayPal, etc. do to prevent fraud.