It doesn't sound like you need a real high-security solution (no logins), so why not just track by the user's IP address? If the same IP address accesses within a given amount of time, assume it's the same user.
That probably won't work in this situation. This is an extranet application. Use will be restricted to certain IP ranges. However, some remote sites have networks where it is possible that two users could appear to be coming from the same IP.
> You need some way to identify users, particularly if you are going to
> maintain their state information in the database.
I think that we will end up having to do this, even if it means using a simple scheme. I'll check for a cookie that might ID the user. If cookies are off, I'll ask the user to identify themself.
Thanks,
Brad
