Yes please always take the sessionID out of any URL you send to someone else. The session id data is only left by members that do not have their cookies enabled. Since the session ids expire in a short period of time, this generally is not a problem. One way to correct this is for members to accept cookies. Also Renderosity does not store credit card information. Thank you, Stacey Community Manager