I currently own a corporate brochureware web site (no cookies, not database backed); I find it more useful to track aggregate statistics rather than individual usage. Naturally, if ten people log in from Oracle's firewall, they might not be clearly defined. In any case, if someone downloads a long white paper, then doesn't click for 90 minutes, there's no way I can tell whether or not they read the document.
You might be able to configure/reconfigure the clickthrough module to record every single action. You won't be able to accurately track usage with people who don't clickthrough or those who use multiple browser windows while they surf. The problem with this is that in order to get a statistically significant sample size, you need to track all hits.
Remember that non-authenticated users might outnumber the authenticated ones by ten to one on a publicly-accessible web site.
You need to explain what sort of users your client's web site attracts, their connection speed, whether or not a large percentage are behind corporate firewalls, whether or not your average web surfer is a college kid looking for a job, a venture capitalist, your client's competitor, etc. Without such knowledge, it is very difficult to recommend any sort of usage tracking strategy.
If you are amassing a large number of visitors, the point might be moot. You should care more about aggregate statistics rather than individual usage. There's really no way to tell by an IP address if your visitor is a Morgan Stanley investment banker, or some freshman at SUNY.