I don't do much internet development and I don't use anything
fancy like JSP or ASP server (I've been playing around with CGIs).
Fancy ? As a developer, they're a lot less troublesome than CGI. CGI
is minimal, crude and I haven't used it in years. If I am writing Perl
for web back ends, mod_perl is almost always a better idea than CGI.
(I know that CGI doesn't imply formally Perl, but empirically this is
usually true)
How do these server platforms identify each anonymous web client?
As a web developer, you shouldn't need to worry about this. It's very
much something that should be done for you by your middleware. It's a
_hard_ problem - like order processing and credit card handling, most
web developers just aren't competent to do it well and they should be
protected from it.
As you rightly phrase it, web clients are anonymous. HTTP is an
anonymous and non-stateful protocol. Tracking sessions isn't an easy
thing to bolt onto this. Around '97 - '99, just how to track sessions
was an issue of some debate. it wasn't clear just how to do it best,
and developers often needed to do it themselves. There was even some
muttering that it was all HTTP's fault and that it should be
re-engineered to support it.
Some methods are obvious (IP tracking), but unreliable (proxies).
Others, like embedding IDs into URLs, are robust but prone to
spoofing. Cookies are good, but might be disabled. Generally you
should rely on your middleware to worry about this for you - setting a
cookie if it can, munging the URL if it can't. Use that Session
object you're given and don't worry too much about the details. If you
don't have one, change platform until you do.