This phrase is...confusing...
their individual state persists each time they login
I'm not sure if you are saying their state persists *BETWEEN* logins or only so long as they are logged in.
And if you only mean so long as they are logged in, then why do you *need* to distinguish between inTRAnet and inTERnet clients? Why not simply always maintain session state on the server? That's how one of the sites I help maintain works. It doesn't care how you got to the login page; it just remembers you with standard session state. (It happens to be an ASP.NET site, and ASP.NET allows both cookie-based and cookieless session state, but because this is not truly a public site, we insist on cookie-based sessions. Just because it's simpler, not better.)