WebApp Sec mailing list archives

Random Session.SessionID with IIS 6.0


From: Bénoni MARTIN <Benoni.MARTIN () libertis ga>
Date: Thu, 14 Oct 2004 20:16:21 +0100

Hi list !

I was wondering if someone can tell me if I'm right with this:

Setting up: I've got an IIS 6.0, connection through HTTPs, and ASP pages on my IIS.

What I'm trying to do: As many people dream about :), just track the user through its journey on my website ... But to 
avoid replay attacks and brute force password guessing, I need to get a unique identifier for this user.

The trouble: I was thinking about some encrypted mix like HASH{user_tcp_port || Session.SessionID || Rnd-number || ...}.
My 2 problems are: the user port and the Session.SessionID.
        - Pentesting my idea, I noticed that the user port (obviously > TCP:1024) ... changes as time goes on (I think 
it is normal behaviour, that's why they are called ephemeral ports :) ) ! So I cannot rely on it :(.
        - Then I thought about 'Session.SessionID', Microsoft's Docs told me it was a unique identifier per session, so 
I was happy with it ... But it seems that this number is unique only if you have cookies enabled on your browser, and as 
some people disable them ... So this identifier cannot be reliable, even within the same connection, and moreover it 
seems to increase +1 at each next session, so a little bit predictable :(
I saw with ASP a beautiful Cert.Cookie(still Request.ServerVariables) ... But it seems NULL in my case :(

So my question was: within an https connection, is there any ID that will be UNIQUE from the beginning to the end of 
the same session ? There is probably one, so my question would be turned in "how can I catch it?"

I know my question is not new :(

Thanks a lot list, I am quite stuck with this :(
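The post asks for an identifier that is unique and unpredictable for the whole life of a session, and notes that a +1 counter and the client's ephemeral port both fail that test. The usual answer is to have the server mint the identifier from a cryptographic random source, keep the only authoritative copy server-side, and sign the cookie so a modified value is rejected before any lookup. The block below is an added illustration of that pattern in Python; it is not code from the original post, from IIS or from ASP, and the names `SessionStore`, `SERVER_KEY` and `_sign` are assumptions made for the example.

```python
# Added example (not from the original post): server-issued, unpredictable
# per-session identifiers as an alternative to a sequential SessionID or a
# hash built from the client's ephemeral port.
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed server-side secret for the example; in a deployment it would be
# loaded from protected configuration, never hard-coded.
SERVER_KEY = secrets.token_bytes(32)


def _sign(token: bytes, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 tag that binds a token to this server's key."""
    return hmac.new(key, token, hashlib.sha256).hexdigest()


class SessionStore:
    """Issues 128-bit random session IDs and holds the only authoritative copy."""

    def __init__(self, ttl_seconds: int = 1800, key: bytes = SERVER_KEY):
        self.ttl = ttl_seconds
        self.key = key
        self._sessions: Dict[str, Tuple[str, float]] = {}  # token hex -> (user, expiry)

    def issue(self, user: str, now: Optional[float] = None) -> str:
        """Return a cookie value 'token.tag'.

        The token comes from the OS CSPRNG, so successive values have no
        relationship to each other (unlike a counter that increases by one)
        and do not depend on anything the client controls.
        """
        now = time.time() if now is None else now
        token = secrets.token_bytes(16)
        self._sessions[token.hex()] = (user, now + self.ttl)
        return f"{token.hex()}.{_sign(token, self.key)}"

    def validate(self, cookie: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user bound to the cookie, or None if it is malformed,
        forged, unknown, or expired. Tag comparison is constant-time."""
        now = time.time() if now is None else now
        try:
            token_hex, tag = cookie.split(".", 1)
            token = bytes.fromhex(token_hex)
        except ValueError:
            return None  # not in 'hex.tag' form
        if not hmac.compare_digest(tag, _sign(token, self.key)):
            return None  # tampered, or signed under a different key
        entry = self._sessions.get(token_hex)
        if entry is None:
            return None  # never issued, or already revoked
        user, expiry = entry
        if now > expiry:
            del self._sessions[token_hex]
            return None  # expired: drop it so it cannot be replayed later
        return user

    def revoke(self, cookie: str) -> None:
        """Invalidate a session on logout; the cookie value becomes useless."""
        self._sessions.pop(cookie.split(".", 1)[0], None)


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    cookie = store.issue("alice")
    print("issued:", cookie)
    print("valid for:", store.validate(cookie))
    store.revoke(cookie)
    print("after revoke:", store.validate(cookie))
```

Because the server keeps the record, nothing in the cookie needs to be derived from the connection, so the identifier survives port changes; the HMAC tag lets a forged or edited cookie be dropped without touching the store, and the TTL plus explicit revocation bound how long a captured value stays useful.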
