maybe you should use Apache::Session (or just a tied hash with MLDBM) and pass only the session id on the query string..