I would store a unique value (SDBM?) on the server and use CGI::Cookie for the client. Create a unique value and store it on the server and send it to the user. If you get that value back (by reading in the cookie) you can delete the server-side unique value, redirect that user, and repeat the process all over again.