Why aren't sessions exclusive to an IP address?

First, linking a session to an IP address will not make it secure since the server could see many different users as using the same IP address for various reasons (all types of proxy servers, for instance: client, reverse proxy, CDN, etc.).

Second, the same user could very well use different IP addresses for the same session. For instance, someone could be switching between networks from the same device.

So, since it's not effective and it causes usability and scalability issues, that is not a feature that is usually enabled.


Back in the day, AOL was notorious for aggressively load-balancing traffic between its internal network and the Internet across all its exit proxies. This meant that a request for a single web page and its content would come from many different IP addresses: if you pinned a session to a single IP address, the session would break before the "login successful" page finished loading.

This sort of load balancing is less common, but can still happen if someone is using a "web accelerator" proxy or a less-technically-inclined ISP. Slower shifts are more common, such as if someone is using a wireless ISP and gets a new address every time they change base stations.

Pinning a session to a single IP address can make session-stealing attacks harder, but it comes at the cost of preventing some people from using your service entirely, and giving others a degraded experience.


An attacker can connect to the server from the same address. For example, an attacker and the victim are using the same WiFi.
Also, it can cause problems for the user if he/she has multiple routes to the server and the user's IP undergoes Network Address Transition.
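An added illustration, not code from any of the answers above: a toy session check that replays constructed traffic through strict IP pinning and through an alternative that treats an IP change as a risk signal (logged, with step-up re-authentication only for sensitive actions). The session layout, policy names and sample addresses are assumptions made for this example.

```python
from dataclasses import dataclass, field

@dataclass
class Session:
    user: str
    bound_ip: str                      # IP recorded at login
    seen_ips: set = field(default_factory=set)
    flagged: bool = False              # set once the IP has changed

def strict_pin(sess, ip, sensitive=False):
    """Strict pinning: any request from a different IP ends the session."""
    return "ok" if ip == sess.bound_ip else "session_terminated"

def ip_as_signal(sess, ip, sensitive=False):
    """Treat an IP change as a risk signal: keep the session alive, record the
    change, and require step-up re-authentication only for sensitive actions."""
    sess.seen_ips.add(ip)
    if ip != sess.bound_ip:
        sess.flagged = True
    return "step_up_required" if (sensitive and sess.flagged) else "ok"

def run(policy, bound_ip, traffic):
    """Replay (ip, sensitive) requests of one session through a policy."""
    sess = Session(user="alice", bound_ip=bound_ip)   # hypothetical user
    return [policy(sess, ip, sensitive) for ip, sensitive in traffic]

# Constructed traffic: one page load whose requests leave through rotating
# exit proxies (the AOL case), then a sensitive action from the login IP.
ROTATING = [("203.0.113.10", False), ("203.0.113.11", False),
            ("203.0.113.12", False), ("203.0.113.10", True)]
# Constructed traffic: requests arriving from the same NAT address the
# session was bound to, as happens when two devices share one WiFi uplink.
SHARED_NAT = [("198.51.100.7", False), ("198.51.100.7", True)]

if __name__ == "__main__":
    print(run(strict_pin, "203.0.113.10", ROTATING))    # legitimate user cut off
    print(run(strict_pin, "198.51.100.7", SHARED_NAT))  # same-NAT traffic passes
    print(run(ip_as_signal, "203.0.113.10", ROTATING))  # session kept, step-up gated
```

Strict pinning terminates the legitimate session on the second proxy hop yet gives no protection against requests sharing the bound NAT address, which is the trade-off the answers describe.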