Simple solution: Assuming that you have no root access, no cron access, no shell access then you can write session files to a temporary directory (or preferably a directory within your temporary directory.) Every time the script is run, make it lsdir and stat all the files then delete the ones with date 1/x hour before current time. This is a brute force approach, as you may have guessed.. This is not a problem for a small number of users/hits but will be if the system is popular.

You could write a small daemon that sat in the background and did the deletions every 5 mins. The main perl script could check for it's existance and restart it if necessary.

Or, write a process that sits on the end of a unix domain socket and holds all the session information internally. This eliminates files alltogether but gives major problems with concurrent access and serialization. Either you have one connection at once and pay for it in performance, or you do shared memory and semaphores and pay for it in code size.

These are all implementable solutions, you know how popular the system is going to be, what performance and how many concurrant users you are going to have. These will determine how professional the solution needs to be, and, ergo, the amount of effort you should put into writing it.