Actually for most people, the browser sends enough information in the headers, ignoring cookies, to identify them as unique. You can check out an experiment about this at www.amiunique.org/fingerprint. Combining that with an ip gets you pretty close.