ssl_LookupSID is only successful if the IP addresses match. Does this make sense?
Do we have a bug for the new session cache stuff already? Would this still be valid?
I filed bug 1399439. This will still be valid. The new cache API will not use ssl_LookupSID but when no external cache is used this is still the way NSS matches SIDs.