Currently i have been using this technique where when a user logs into my site which is through a servlet, i call request.getRemoteUser() which returns a string of their ip address. I then use that IP address to do a lookup in my user table to see when this ip address last logged on and as which user, so that i can set the user to that previous choice. I didnt want to use a cookie. Anyhow, the problem has started where i have two users behind the same firewall. Both users are showing up with the same IP which looking back on it, now is what i would expect. Is there "any" other value of something i could extract that would give me something unique about that user that i could work with in this situation to tell who they are?