You've got two sources of information to identify the client side, cookies and IP addresses (and port, to cover NATed connections). As the previous posters have indicated, neither method is all that reliable. How about using both. Store the current IP address in a cookie, and check it each time to see if the IP in the cookie is the same as the current IP.

If you need reliable identification of repeat clients, you can than limit what you track to the cases where the cookie IP and the current IP agree, and throw out the others as uncertain IDs. If high reliability isn't a goal, you can use some combination of the two, and accept the errors. You might even be able to track users through a succession of IP addresses, you just couldn't do it reliably.