User authentication

Which is better for username and password authentication? (How the server recognizes who is logged in and as which user) A: Authenticate users with their IP address (after login) B: Authenticate users with some kind of token (after login) And if B: How should a token be generated?