I suggest using server side sessions since you have to exchange only a session ID with the client. (the session ID can be expired once the session terminates) the Session ID can be stored in a cookie (better) or in the url (only if the client doesn't support cookies) Apache::Session could be of some help: it takes care of generating session IDs, storing data etc... once the session is initialized you can use it as a normal hash. you can even store complex data structures since it uses Data::Dumper (it doesn't need mod_perl as the name would suggest)