Hi Ahmed, \
In a future update is it possible to consider encoding the script urls so the variables are not viewable by the general public ie http://www.ebasyi.com/sp/auction/auction.cgi?action=Browse&Search=Category&Cat_ID=10&CatA_ID=0 would become something like http://www.ebasyi.com/sp/auction/auction.cgi?dgfgwyhhoosogtosegsegjyra possibly a little more secure and there must be a reason why the likes of ebay are doing it kind regards
This has nothing to do with security, just overhead for encode/decode variables. What you see in others they use the built in PHP sessions ID to keep track for cookies and user logged in.