InterviewSolution
| 1. |
Can I Identify Users/sessions Without Password Protection? |
|
Answer» The most usual (but browser-dependent) way to do this is to set a cookie. If you do this, you are accepting that not all users will have a 'session'. An alternative is to pass a session ID in every GET URL, and in hidden fields of POST requests. This can be a big overhead unless _every_ page requires CGI in any case. Another alternative is the Hyper-G[1] solution of encoding a session-id in the URLs of pages returned: http://hyper-g.server/session_id/real/path/to/page. This has the drawback of making the URLs very confusing, and causes any bookmarked pages to generate old session_ids. Note that a session ID based solely on REMOTE_HOST (or REMOTE_ADDR) will NOT work, as multiple users may access your pages concurrently from the same machine. |
|
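The cookie and URL-path schemes from the answer, as an added Python example that is not part of the original page. The cookie name `session_id`, the in-memory `ISSUED` store and all function names are assumptions. The resolver accepts only IDs the server itself issued and never derives an ID from REMOTE_ADDR.

```python
import re
import secrets
from http.cookies import SimpleCookie

ISSUED = set()                                # assumed server-side store of issued IDs
ID_RE = re.compile(r"^[A-Za-z0-9_-]{22}$")    # shape of secrets.token_urlsafe(16)
COOKIE_NAME = "session_id"                    # assumed cookie name


def new_session_id():
    """Issue a random ID; it is never derived from REMOTE_HOST/REMOTE_ADDR."""
    sid = secrets.token_urlsafe(16)
    ISSUED.add(sid)
    return sid


def known(sid):
    """Accept only well-formed IDs that this server handed out earlier."""
    return bool(sid) and ID_RE.match(sid) is not None and sid in ISSUED


def resolve_session(environ):
    """Return (session_id, source, real_path) for one CGI-style request."""
    path = environ.get("PATH_INFO", "/")
    # 1. Cookie, if the browser supports cookies and sent one back.
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    if COOKIE_NAME in cookie and known(cookie[COOKIE_NAME].value):
        return cookie[COOKIE_NAME].value, "cookie", path
    # 2. ID as the first path segment: /session_id/real/path/to/page
    first, _, rest = path.lstrip("/").partition("/")
    if known(first):
        return first, "url", "/" + rest
    # 3. No usable ID (first visit, stale bookmark, invented value): issue one.
    return new_session_id(), "new", path


def set_cookie_header(sid):
    """Response header for the cookie scheme (add Secure when served over HTTPS)."""
    return f"Set-Cookie: {COOKIE_NAME}={sid}; Path=/; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    # Constructed requests: two users behind the same address get distinct IDs.
    req = {"REMOTE_ADDR": "192.0.2.10", "PATH_INFO": "/real/path/to/page"}
    print(resolve_session(req)[0] != resolve_session(req)[0])
```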