Looking at CGI::Session, you're most likely using $session->header. This is supposedly mostly similar to

    $cookie = CGI::Cookie->new(-name=>$session->name, -value=>$session
+->id);
    print $cgi->header(-cookie=>$cookie, @_);
[download]

So you should be able to replace the usage of ->header by the above two lines, with the appropriate secure=1 flag added.