easiest and best way: use phps session-management – every client is given an id, stored in a cookie (if enabled) or given as a get-variable on every link and form. (alternatively you could set a cookie on your own). but: this only “fingerprints” the browser – if the user changes his browser, deletes his cookies or whatever, you can’t identify it anymore.
identifying every client by ip is usually a bad idea and won’t work. clients that use the same router will have the same ip’s – clients connected through a proxy-pool could have another ip with every page load.
if you need a solution that can’t be manipulated by the client in an easy way, try to do a combination of the following, using all that are supported by the clients browser and compare them on each page-load:
“normal” HTTP Cookies
Local Shared Objects (Flash Cookies)
Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
Storing cookies in and reading out Web History
Storing cookies in HTTP ETags
Internet Explorer userData storage
HTML5 Session Storage
HTML5 Local Storage
HTML5 Global Storage
HTML5 Database Storage via SQLite
there’s an solution called evercookie that implements all of this