in reply to Mod_Perl Handlers And Getting Rid Of Sessions In The URL

This actually has nothing to do with mod_perl -- CGI, Java servlets, C modules, etc. all have the same problem when putting sensitive information in the URL. There is no perfect solution for it, only hacks that work for some browsers. You could make every user go to a special "exit" page when following any off-site link. This page would contain a link to the URL they want to go to and the URL for the page would not contain the private information. You can put a META REFRESH tag in it to get the browser to go to the URL right away. However, some browsers won't support that and will leave your users looking at this exit page. If you do the redirect from the exit URL on the server side with a Location header, some browsers will send the previous URL (with the session ID) as the referer. There is some discussion of this here.
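The exit-page approach described in the post above, as an added example that is not part of the original post: off-site links are rewritten to a session-free exit URL, and the exit page carries both the META REFRESH and a plain link for browsers that ignore the refresh. `OWN_HOST`, `EXIT_PATH` and the `to` parameter are assumed names, and the sample HTML in the comments is constructed.

```python
import html
import re
from urllib.parse import urlsplit, urlencode

OWN_HOST = "www.example.com"   # assumed: this site's host name
EXIT_PATH = "/exit"            # assumed: exit page path; its URL never carries a session ID

HREF = re.compile(r'href="([^"]+)"')


def exit_link(target):
    """Session-free URL of the exit page for one off-site target."""
    return EXIT_PATH + "?" + urlencode({"to": target})


def rewrite_offsite_links(page_html):
    """Point every absolute off-site href at the exit page instead."""
    def swap(match):
        url = html.unescape(match.group(1))
        host = urlsplit(url).hostname
        if host is None or host == OWN_HOST:
            return match.group(0)          # relative or on-site link: leave alone
        return 'href="%s"' % html.escape(exit_link(url), quote=True)
    return HREF.sub(swap, page_html)


def render_exit_page(target):
    """HTML for the exit page, or None when the target is not an http(s) URL."""
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None                        # refuse javascript:, data:, relative URLs
    safe = html.escape(target, quote=True)
    # The visible link is the fallback for browsers that do not honour the refresh.
    return (
        '<html><head><meta http-equiv="refresh" content="0; url=%s"></head>'
        '<body><p>You are leaving this site: <a href="%s">%s</a></p></body></html>'
        % (safe, safe, safe)
    )
```

The scheme check keeps the exit page from emitting `javascript:` or `data:` targets supplied in the `to` parameter.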