in reply to html and cookie expiration
Security and data integrity problems aside (and they're numerous, both in data storage in cookies, and in hidden form fields), I'd recommend:
- Use the cookie as a session ID only.
- Somehow, store previous pages of data server-side
- Make sure the data is somehow associated with the session ID
This way, you can retrieve and add to or alter the data on the server, rather than the browser, and you don't have to worry about cookies expiring, cookie length restrictions, and the like.
An excellent article about just such as arrangement, by our very own merlyn, is Here. Also, a Super Search about sessions and state will show many other discussions, and some snippets, that are helpful.