To avoid max URL len issues on browsers try storing most of the session data locally on the server, and only have the sessionID and action type in the URL. Many different things can come into play with very long URLs, proxy servers, different browsers and firewalls all can act differently when exposed to them. Do a super search for "cgi session data" for more info.

-Waswas