It doesn't sound like you need real high security solution (no logins) so why not just track by the user's IP address? If the same IP address access's within a given amount of time, assume it's the same user.
> You need some way to identify users, particularly if you are going to > maintain their state information in the database. HTH, Jason Hect
