If you have access to someone's cookie you will be able to post as them. I used to tie cookies with IP's but too many people would complain that they weren't able to access the site due to passing through a proxy farm and coming from a different IP each time. Nothing can really be done to get around this as a lot of proxies also don't pass on the 'X-Forwarded-for' header.
Unless I'm missing something else where you didn't need to know fossil's cookie. That would be a security problem and one you should email me about