Please advise on security

Radu

After completing many steps on the site I'm building, the user is
issued (by email) a confirmation/tracking number (a GUID, actually -
pretty hard to guess such a thing). This GUID points in my SQL server
tables to the details of that order, and it works great. So the user
actually receives by mail a hyperlink like the following:

http://www.MyWebSite.com/OrderingProcess/OrderTracking.aspx?ID=8278A697-75A1-4B7D-B285-8195B428CA28

Because at this point I have NOT implemented a security mechanism
(relying on the fact that I will issue less than 100 such confirmation
numbers/month, and the fact that it's pretty hard to guess a string
like "8278A697-75A1-4B7D-B285-8195B428CA28"), I worry now about the
browser's address history - a manager in the company might use the
link, say,

http://www.MyWebSite.com/OrderingProcess/OrderTracking.aspx?ID=8278A697-75A1-4B7D-B285-8195B428CA28

to review the details of his order, and then everybody else might dig
into the browser's history and retrieve that address.

Is there a way to (programmatically) stop IE from registering an
address in the history?

Is there any other better way to do all this *without adding security*
to the OrderTracking.aspx page ?

Thanks !
Alex
 
