Thanks Eric. Gives me a frame of reference.
One of the problems with our current shopping cart is that employees will place an order, which is saved to the Access database, and fail to enter their name and location. They just close the browser without submitting it, the order stays but we don't know who made it. What I was hoping was to have the user enter their name and location initially, so that when the order is created in the database, it will include who did the ordering. It isn't so much a security issue, as a completeness of the order issue.
I mentioned the network ID, which I've successfully captured via a session variable, however I have been told that it is impossible to save the session variable into a database. I was hoping to capture an identifier before the order was made, and I thought something invisible to the user would be a better method.
Difference with an internal warehouse system - the users hardly ever just "window shop".