Security Assist could help you to overcome this issue. With the Security Assist Authenticate User server behavior used to login a user you will have the ability to store any details from that users record in a session variable. By default it will try to create a session variable for the userID. So when you go from page to page you should not pass the userID over the URL but you should use this userID session variable instead.
So if you are storing the userID in a session variable called userID you would reference the user id like this instead of the get:
$_SESSION['userID']