Banning specific web users

I came across a situation recently.

As any self respecting programmer would, when I got banned from a website, I tried to find a way round it, while still using the same computer. But I wasn't successful. I've subsequently had the ban lifted, but the question remains:

How did it remember my identity, even though I cleared cookies and changed IP? It was a flash开发者_StackOverflow中文版 app, but I didn't think flash could store its own data of any kind, so I'm puzzled! While on the subject, could a java applet be used to store data?

So, Besides cookies/IP address, how might a website remember a user?

"I didn't think flash could store its own data of any kind" - and you were wrong. There is something called Flash Cookies (oficially named "Local Shared Objects", they are pretty much what it says on the tin: small persistent pieces of data accessible to Flash, separate from HTTP cookies). See e.g. this: http://www.ghacks.net/2007/05/04/flash-cookies-explained/

It is possible to delete these through a Flash control panel; and as @Samuel Neff notes, some browsers can now remove them together with HTTP cookies.

See also a combined-approach mutant form, the evercookie; plus there is at least a theoretical possibility that your browser's header data, although anonymous separately, are unique enough to identify you when analyzed together - see https://panopticlick.eff.org/