The article:<BR><BR>A Scalable Alternative to Session Variables <BR><BR><BR>describes a method of using an MS SQL table with a uniqueidentifier column to track visitors and maintain state without the use of cookies or session variables. The GUID is used as a SessionID and is normally passed as a query string parameter which is looked up in the SQL table and any related data may be stored or retrieved on this key. The expiration of a GUID is programmed into the stored procedure and if it is not present, a new one is generated.<BR><BR>The method uses the IP address as a basis for finding any unexpired GUID if it is not included in the query string.<BR><BR>The question I have is: is the IP Address always unique for each concurrent active (non-timed-out) session? <BR><BR>I thought AOL users and other users going through proxy servers could have non-unique IP addresses, and if so, they could get assigned a GUID used by someone else with the same IP and overlapping sessions.<BR>