I was thinking about an extra security measure for protecting my web site's user data, even if the user's session is hijacked. Please give me pointers; it might also be helpful to others who are thinking about extra security.
My plan is to use an extra key, like a session id, in the local storage of the browser. There can be an argument here that it might not work for some browsers, but anyway my application is using web sockets, so I can assume they have local storage too.
So, when the user logs in I will assign a key to be stored in local storage, and after that any request for secure data from the server through a POST or AJAX should include this key as part of the request, and this verification of the key is on top of the session id verification.
What do you guys think, will this provide me a bit more security against session hijacking (maybe not 100%, but still, it might make the hacker's life difficult)?
Most cases do not have to be so serious, but if deemed necessary:
http://php.net/manual/en/session.security.php
This is very useful too:
http://wblinks.com/notes/secure-session-management-tips
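
The scheme described in the question, sketched server-side in Node.js as an added example that is not part of the original posts. The in-memory `sessions` map, the function names `login` and `authorize`, and the choice to end the session on a key mismatch are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// In-memory session store (assumption; a real app would use its session backend).
const sessions = new Map();

const sha256 = (value) => crypto.createHash('sha256').update(value).digest();

// Called at login: returns the session id (for the cookie) and the
// second key (for the client to keep in localStorage).
function login(userId) {
  const sessionId = crypto.randomBytes(32).toString('hex');
  const clientKey = crypto.randomBytes(32).toString('hex');
  // Store only a hash of the key, so a leaked session store does not reveal it.
  sessions.set(sessionId, { userId, keyHash: sha256(clientKey) });
  return { sessionId, clientKey };
}

// Called for each sensitive POST/AJAX request.
// Returns the user id, or null if either check fails.
function authorize(sessionId, clientKey) {
  const session = sessions.get(sessionId);
  if (!session || typeof clientKey !== 'string') return null;
  const presented = sha256(clientKey);
  // Both buffers are 32-byte digests, so timingSafeEqual cannot throw on length.
  if (!crypto.timingSafeEqual(presented, session.keyHash)) {
    // A valid session id with a wrong key suggests a stolen cookie: end the session.
    sessions.delete(sessionId);
    return null;
  }
  return session.userId;
}

// Constructed usage: the client would send the key in a header or body field.
const demoLogin = login('alice');
console.log(authorize(demoLogin.sessionId, demoLogin.clientKey)); // legitimate browser
console.log(authorize(demoLogin.sessionId, 'guessed-value'));     // session id only
```

The second key only helps when the session id leaks by itself, for example through a captured cookie. Local storage is readable by any script running on the page, so an injected script can read the key as well.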