> IP, Host, Agent, and Cookies are the only real way you can identify a repeat user
Brett, you forgot log-in :)
But then again that's only usefull for Extranets and would not count in this example.
Also, there are applications that use a more advanced method using data mining modelling where you build user profiles based on all the data you can collect, like behaviour, screen resolution, OS, etc besides the usual things.
I know this, and I know it works, 'cause one of our major clients use it for a very advanced chat system. Users can get kicked out if they don't behave well in there. Some users think they can trick the system, so dial up on a new IP, they reregister again, erase the coockie etc but they soon realise that the system can recognise them :)
If you set up such advanced modelling in combination with a network package sniffer then you can completely cut of any agent or user you want from your servers - maybe not 100% of the cases - but very close to that.