If you want cookie-like behavior, but don't want to use cookies for it, use pathinfo. This is a perfectly legal URL:

http://your.site.com/cgi-bin/your.cgi/your/pathinfo/here/
[download]

The stuff following your.cgi ends up in $ENV{PATH_INFO}, where you can pick it up and use it.

Advantage: doesn't requre cookie support; nice and easy to hang a session ID off there. Disadvantage: it's in the URL, so it's visible and can be messed with.