There is something you can do to insure security. Everytime a user logs on, generate a random number, put it on the user's machine as a cookie.

print "Set-Cookie: temp-id=$random_no; domain=yourdomain.com; expires=
+".($now+3600);
[download]

At the same time, write the same $random_no to a DB on your server, as well as the user's username. So, you can now identify the user using a temporary id.

Hope this helps,

Sinan