The supercookie should use the IP address ONLY IF it does not get enough identifying information from the browser.

* You should definitely use cache etags as another form of a cookie.
* The ssl session ID is also a wonderful cookie.

For a better discrimination of users, you should moreover take the following data into account for creating the hash:
* installed fonts
* number and order of headers
* screen size and resolution
* time zone

Comments

jondos created an issue.