
Kathleen's IPS flags traffic from two IP addresses as shown here:

Source IP: 10.11.94.111
http://example.com/home/show.php?SESSIONID=a3fghbby

Source IP: 192.168.5.34
http://example.com/home/show.php?SESSIONID=a3fghbby

What type of attack should she investigate this as?

Answer Options

A. A SQL injection attack

B. A cross-site scripting attack

C. A session replay attack

D. A server-side request forgery attack

Correct Answer: C

Explanation

Session IDs should be unique for distinct users and systems. Here, the same SESSIONID value (a3fghbby) appears in requests from two different source IP addresses. A very basic type of session replay attack involves providing a victim with a session ID and then using that session ID once the victim has used the link and authenticated. Protections such as session timeouts and encrypting session data, as well as encoding the source IP, hostname, or other identifying information in the session key, can all help prevent session replay attacks.