Forum OpenACS Q&A: Response to Getting rid of cookies

You can use http authentication and store the user state on the server.  This has many drawbacks, which is why hardly anyone does it, at least in the U.S.

Or you can encode a user identifier in each url, or if it's not much data, the state information itself.  This only works if all of your html links are generated dynamically.  And of course it's visible to the user in the url and won't survive URL surgery has a lot of other problems.