Then let ASP do that for you.
That is *EXACTLY* what it does with Session.SessionID !!!
How do you think ASP keeps track of user sessions? Yep, it encodes that Session.SessionID and stores it as a cookie on the user's machine. Each time they come back to a page, it reads the cookie, decodes it to get the Session.SessionID, and thus connects all the other session variables with the correct user.
Now, you do have the problem of "visitors can start on any page." That's a tough one.
Ugh. I don't see any answer to that. Well, maybe I do.
Would you need to allow users to be able to visit page XYZ.asp and then, *WITHOUT* clicking on some link to get to another page, allow them to enter the url ABC.asp and expect the session id to survive that transition??? If so, I don't have an answer. But if users must get from page to page by clicking buttons/links/whatever on your pages, you could do it the way JSP and ASP.NET do it when the user disables cookies.
To wit, you pass along the encoded session id in the URL and/or in the <form> posts.
You'll see that on a lot of JSP sites, especially, where the page extension is ".do" and the url is something like "xxxx.do?sessionid=XYA*13892JjjTb9981" or similar.
An optimist sees the glass as half full.
A pessimist sees the glass as half empty.
A realist drinks it no matter how much there is.