I'm building a user-portfolio based site using PHP4/Apache/MySQL, the site is going to be accessed primarily in a school lab setting where anything goes as far as proxy server setups and caching. My dilemma is that I need to be absolutely certain that each workstation on the other side of the proxy is getting a unique session and there is no chance whatsoever of one user stomping on another's session data just because the proxy served them up the same session ID (or a cached page with the session ID stored in it as a hidden form variable). So far, it seems that using cookies it right out of the question. Does anyone have any other advice that might help me develop a 'bulletproof' session-handling scheme for such a scenario? Any tips would be immensely appreciated.
