If you have a backend DB and the webserver(s) all have access to it, consider doing something with sessions where you hand the user a completely opaque session key and store all the data locally, temporarily.

Or at best, use one of the Crypt modules to stuff it into a cookie (temporary, don't make them store it) and deal with it using the cookie mechanism.