There are a number of threads here on PM discussing the philosophies and practicalities of State and/or Session management.

I've been into this research in the last week as well, but haven't made any conclusions yet. We use cookies in several sites now, and while over the last 2 years or so cookier-related tech support calls have declined markedly, we'd still like cookie-less solution.

However, some PM threads that have been excellent, useful or informative are:

• practical aspects of sessions and state
• Polling All Monks: Favorite Ways To Maintain State
• Writing web pages in Perl with sessions
• Adding "state" to HTTP to save saintmerlyn from having to post this link... :)
• the best way to implement persistent data across CGI scripts
• (OT) Security Rant
• Maintaining state with CGI.pm

There are many other mentions of 'state' 'session' 'cookie' etc, via Super Search.

Plus, in the last 48 hours, unless I'm hallucinating (which shouldn't be true), I thought I saw a recent release of something (for Apache?) that handles cookie-less state management. However, I can't find it again.

Hope the links help with the review of the philosophies and/or methods of cookie-less state.