you can probably use a unique identifier (key value pair having a uniquely generated name) as part of your cookie
string to identify the user...technically it is the machine/login that you are referring to. This might work until the user clears his cookies. I believe I did understand your requirements.