Theoretically this is possible by checking the requestheader. But it might not always work. The information may not always be meaningful due to network address translation (NAT). Depending on how clients connect to the internet, multiple clients may share the same IP address (that of a gateway computer). The IP address may also change over the course of several request. (This can strongly relate to the provider system or maintenance etc. etc.)
But it also does not eleminate the problem that you can't know if the machine isn't used by other persons.
Using cookies requires a certain strateqy. For instance, if you run a webshop, you can make it possible that a user is verified by a cookie and, have some special settings loaded, can look at his wishlist etc. etc. But when the user makes a request to change his profile, wants to make a transaction etc. etc. he or she must always use his password. This is a compremise you make between a user friendly website and a safe website. You keep sensitive data protected with a password protocol while less sensitive data/settings are automatically implied through the use of cookies.
