in reply to Untainting cookies
Additionally, if all you are doing is tracking a user, a unique id number (such as a 9-digit number similar to a social security number) might do the trick.
As merlyn stated, the easiest way is to generate characters that are easier to match with regex. If not, maybe you should revisit your regex and develop one that will "untaint" all base64 characters.
Good hunting,
kha0z
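The two options from the reply above, as an added example that is not part of the original post: an allow-list regex that untaints a base64 cookie value and one that untaints a 9-digit id. The sub names, the length limit and the sample values are assumptions; run it with `perl -T` to see the taint flags change.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical limit: the longest encoded value this application ever issues.
my $MAX_LEN = 88;

# Return an untainted copy of $raw if it is well-formed base64, else undef.
# Only the regex capture ($1) is untainted; $raw itself stays tainted.
# \A and \z are used instead of ^ and $ because $ also matches before a
# trailing newline, which would let "value\n" through.
sub untaint_base64 {
    my ($raw) = @_;
    return undef unless defined $raw && length $raw && length($raw) <= $MAX_LEN;
    return $raw =~ m{\A((?:[A-Za-z0-9+/]{4})*
                       (?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)\z}x
        ? $1 : undef;
}

# The simpler alternative: a fixed-width numeric id (ASCII digits only).
sub untaint_numeric_id {
    my ($raw) = @_;
    return defined $raw && $raw =~ /\A([0-9]{9})\z/ ? $1 : undef;
}

# Constructed sample cookie values (not taken from the thread).
my @samples = (
    'c2Vzc2lvbi0xMjM0NTY3OA==',        # well-formed base64
    'c2Vzc2lvbi0xMjM0NTY3OA==;x=1',    # extra characters appended
    "c2Vzc2lvbg==\n",                  # trailing newline
    '123456789',                       # 9-digit id, not valid base64
);

# Under -T, appending a zero-length slice of $^X marks each copy as tainted,
# standing in for a value read from the request.
my $taint = substr($^X, 0, 0);

for my $sample (@samples) {
    my $raw   = $sample . $taint;
    my $clean = untaint_base64($raw) // untaint_numeric_id($raw);
    (my $shown = $sample) =~ s/\n/\\n/g;
    printf "%-32s in tainted=%d  -> %s\n", $shown, tainted($raw) ? 1 : 0,
        defined $clean
            ? sprintf('accepted, out tainted=%d', tainted($clean) ? 1 : 0)
            : 'rejected';
}
```

The regex only vouches for the character set and padding; the decoded value still has to be looked up or verified before the application trusts it.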