Actually for most people, the browser sends enough information in the headers, ignoring cookies, to identify them as unique. You can check out an experiment about this at https://www.amiunique.org/fingerprint. Combining that with an ip gets you pretty close.
Well that’s still a form of session ID. But you are saying things like “most people” and “pretty close”, so it’s not a very good session ID, since it’s not guaranteed to be unique.
Actually for most people, the browser sends enough information in the headers, ignoring cookies, to identify them as unique. You can check out an experiment about this at https://www.amiunique.org/fingerprint. Combining that with an ip gets you pretty close.
Well that’s still a form of session ID. But you are saying things like “most people” and “pretty close”, so it’s not a very good session ID, since it’s not guaranteed to be unique.