diff --git a/includes/webform.admin.inc b/includes/webform.admin.inc
index c5068e5..8f86c15 100644
--- a/includes/webform.admin.inc
+++ b/includes/webform.admin.inc
@@ -100,14 +100,6 @@
     '#collapsed' => TRUE,
   );
 
-  $form['advanced']['webform_use_cookies']  = array(
-    '#type' => 'checkbox',
-    '#checked_value' => 1,
-    '#title' => t('Allow cookies for tracking submissions'),
-    '#default_value' => variable_get('webform_use_cookies', 0),
-    '#description' => t('<a href="http://www.wikipedia.org/wiki/HTTP_cookie">Cookies</a> can be used to help prevent the same user from repeatedly submitting a webform. This feature is not needed for limiting submissions per user, though it can increase accuracy in some situations. Besides cookies, Webform also uses IP addresses and site usernames to prevent repeated submissions.'),
-  );
-
   $form['advanced']['webform_search_index']  = array(
     '#type' => 'checkbox',
     '#checked_value' => 1,
@@ -117,6 +109,18 @@
     '#access' => module_exists('search'),
   );
 
+  $form['advanced']['webform_tracking_mode']  = array(
+    '#type' => 'radios',
+    '#title' => t('Track anonymous users by:'),
+    '#options' => array(
+      'cookie' => t('Cookie only (least strict)'),
+      'ip_address' => t('IP address only'),
+      'strict' => t('Both cookie and IP address (most strict)'),
+    ),
+    '#default_value' => variable_get('webform_tracking_mode', 'cookie'),
+    '#description' => t('<a href="http://www.wikipedia.org/wiki/HTTP_cookie">Cookies</a> can be used to help prevent the same user from repeatedly submitting a webform. Limiting by IP address is more effective against repeated submissions, but may result in unintentional blocking of users sharing the same address. Logged-in users are always tracked by their user ID and are not affected by this option.'),
+  );
+
   $form['advanced']['webform_email_address_format'] = array(
     '#type' => 'radios',
     '#title' => t('E-mail address format'),
diff --git a/includes/webform.submissions.inc b/includes/webform.submissions.inc
index 14e44f4..a1a3c10 100644
--- a/includes/webform.submissions.inc
+++ b/includes/webform.submissions.inc
@@ -820,6 +820,7 @@
  */
 function webform_submission_user_limit_check($node, $account = NULL) {
   global $user;
+  $tracking_mode = variable_get('webform_tracking_mode', 'cookie');
 
   if (!isset($account)) {
     $account = $user;
@@ -853,11 +854,14 @@
   }
 
   // Fetch all the entries from the database within the submit interval with this username and IP.
-  $num_submissions_database = $query->countQuery()->execute()->fetchField();
+  $num_submissions_database = 0;
+  if ($account->uid !== 0 || $tracking_mode === 'ip_address' || $tracking_mode === 'strict') {
+    $num_submissions_database = $query->countQuery()->execute()->fetchField();
+  }
 
   // Double check the submission history from the users machine using cookies.
   $num_submissions_cookie = 0;
-  if ($account->uid === 0 && variable_get('webform_use_cookies', 0)) {
+  if ($account->uid === 0 && ($tracking_mode === 'cookie' || $tracking_mode === 'strict')) {
     $cookie_name = 'webform-' . $node->nid;
 
     if (isset($_COOKIE[$cookie_name]) && is_array($_COOKIE[$cookie_name])) {
diff --git a/webform.install b/webform.install
index 3de9f33..7e85c12 100644
--- a/webform.install
+++ b/webform.install
@@ -551,7 +551,7 @@
   // Unset webform variables.
   variable_del('webform_node_types');
   variable_del('webform_node_types_primary');
-  variable_del('webform_use_cookies');
+  variable_del('webform_tracking_mode');
   variable_del('webform_default_from_address');
   variable_del('webform_default_from_name');
   variable_del('webform_default_subject');
@@ -1350,3 +1350,16 @@
     db_add_field('webform_emails', 'extra', $schema);
   }
 }
+
+/**
+ * Convert the "webform_use_cookies" setting to "webform_tracking_mode".
+ */
+function webform_update_7406() {
+  // Previously, we only had "strict" and "ip_address" checking. Using cookies
+  // mean cookies in addition to IP address.
+  $use_cookies = variable_get('webform_use_cookies');
+  if (isset($use_cookies)) {
+    variable_set('webform_tracking_mode', $use_cookies ? 'strict' : 'ip_address');
+    variable_del('webform_use_cookies');
+  }
+}
diff --git a/webform.module b/webform.module
index 1c22a14..7cf6794 100644
--- a/webform.module
+++ b/webform.module
@@ -2795,9 +2795,10 @@
     $form_state['values']['details']['sid'] = $sid = webform_submission_insert($node, $submission);
     $form_state['values']['details']['is_new'] = TRUE;
 
-    // Set a cookie including the server's submission time.
-    // The cookie expires in the length of the interval plus a day to compensate for different timezones.
-    if (variable_get('webform_use_cookies', 0)) {
+    // Set a cookie including the server's submission time. The cookie expires
+    // in the length of the interval plus a day to compensate for timezones.
+    $tracking_mode = variable_get('webform_tracking_mode', 'cookie');
+    if ($tracking_mode === 'cookie' || $tracking_mode === 'strict') {
       $cookie_name = 'webform-' . $node->nid;
       $time = REQUEST_TIME;
       $params = session_get_cookie_params();