First you'll need to decide which Scripting language you want to use? Secondly, the session without cookies script?

---

ToR Design Guidelines. http://ahmia.fi/cache/wf4df37hrebhwzts/

---

A dynamic web page is a web page that displays different content each time it's viewed. For example, the page may change with the time of day, the user that accesses the webpage, or the type of user interaction. There are two types of dynamic web pages.

Client-Side Scripting: Web pages that change in response to an action within that web page, such as a mouse or a keyboard action, use client-side scripting.

Client-side scripts generate client-side content. Client-side content is content that's generated on the user's computer rather than the server. In these cases, the user's web browser would download the web page content from the server, process the code that's embedded in the web page, and then display the updated content to the user.

Scripting languages such as JavaScript and Flash allow a web page to respond to client-side events.

Server-Side Scripting: Web pages that change when a web page is loaded or visited use server-side scripting. Server-side content is content that's generated when a web page is loaded. For example, login pages, forums, submission forms, and shopping carts, all use server-side scripting since those web pages change according to what is submitted to it.

Scripting languages such as PHP, ASP, ASP.NET, JSP, ColdFusion and Perl allow a web page to respond to submission events.

---

Using URL Rewriting Instead of Cookies. http://docs.oracle.com/cd/E11035_01/wls100/webapp/sessions.html#wp100770

In some situations, a browser or wireless device may not accept cookies, which makes session tracking with cookies impossible. URL rewriting is a solution to this situation that can be substituted automatically when WebLogic Server detects that the browser does not accept cookies. URL rewriting involves encoding the session ID into the hyper-links on the Web pages that your servlet sends back to the browser. When the user subsequently clicks these links, WebLogic Server extracts the ID from the URL address and finds the appropriate HttpSession when your servlet calls the getSession() method.

---

Session variables without cookies. http://www.thomasfrank.se/sessionvars.html

So I've made a small script that let you use JavaScript session variables without using cookies. It will let you store 2 MB of data, with much less hassle than a cookie based solution.
Embed sessvars.js (6 Kb) in the head section of every web page where you want to use session variables, before any other scripts that try to set/get them...

TOR hidden services, IS NOT, so secret WHEN hidden sites are cached by sites like: http://ahmia.fi/ & http://ahmia.fi/cache/

Example: TorDrugResource http://ahmia.fi/cache/y47ylcppnh3afqk4.onion.html & http://ahmia.fi/cache/3terbsb5mmmdyhse.onion.html