If the ip doesn't match, then the only way I know is via an educated guess based on the host name and the browser agent. That is very risky business. Either the site isn't all that concerned about identifying users accuratly, or there is something else they are using. IP, Host, Agent, and Cookies are the only real way you can identify a repeat user. Only cookies are accurate since they are the only data bit that goes to and returns from a machine.

Thank you Brett.

The site doesn't use java or other browser site scripting does it?

I checked with my friend and he wasn't certain if the site uses java etc., but would keep that in mind. He appreciated your input on this and I would like to thank you again for your attention to this.

> IP, Host, Agent, and Cookies are the only real way you can identify a repeat user

Brett, you forgot log-in :)
But then again that's only usefull for Extranets and would not count in this example.

Also, there are applications that use a more advanced method using data mining modelling where you build user profiles based on all the data you can collect, like behaviour, screen resolution, OS, etc besides the usual things.

I know this, and I know it works, 'cause one of our major clients use it for a very advanced chat system. Users can get kicked out if they don't behave well in there. Some users think they can trick the system, so dial up on a new IP, they reregister again, erase the coockie etc but they soon realise that the system can recognise them :)

If you set up such advanced modelling in combination with a network package sniffer then you can completely cut of any agent or user you want from your servers - maybe not 100% of the cases - but very close to that.