Well it appears I hve worked this out. I think the problem was th "mystery" cookie that had no name and blew the routine up. Still don't know where it comes from but appears each time I run.

sub GetUserSessionCookie
{
    warn("Entered GetUserSessionCookie Sessionname: '$sessionname'"); 
+   
    my $sid;
        my $sessionname = 'CGISESSID'; 
#    # fetch existing cookies
    my %cookies = CGI::Cookie->fetch;
#    warn Dumper \%cookies;
    while ( my ($sessName, $sessId) = each(%cookies) ) {
#       Dumper($sessId);
       if ($sessName eq $sessionname) {   
          $sid = $sessId;   
         }
      }
#     $sid = '12ba7ce0cfeeae8e8a934af6724910e9';
#      $sid = '1492';
#      $sid = 0;
    
    return $sid;
}
[download]

Whew. Thanks all.

I bet it was just the my $sessionname = 'CGISESSID';

When i run

 
  my %cookies = CGI::Cookie->fetch;
  print encode_entities(Dumper(\%cookies))."\n";
[download]

I see

$VAR1 = {
          'TSSID' => bless( {
                              'name' => 'TSSID',
                              'path' => '/',
                              'value' => [
                                           '40d64ab47d37f6c7ae806dc11a
+59f242'
                                         ]
                            }, 'CGI::Cookie' )
        };
[download]

Remember im using TSSID rather than CGISESSID. So you are setting $sid to a hash reference that looks a whole lot like what i get when i run

  my $cookie2 = $q->cookie(TSSID => $session->id );
  print encode_entities(Dumper($cookie2))."\n";
[download]

ie:

$VAR1 = bless( {
                 'name' => 'TSSID',
                 'path' => '/',
                 'value' => [
                              '40d64ab47d37f6c7ae806dc11a59f242'
                            ]
               }, 'CGI::Cookie' );
[download]

and that as $sid makes no sense if you ran

my $sessioncookie = new CGI::Cookie(-name=>$sname,-value=>$sid,-expire
+s=>$session_cookie_timeout,-path=>'/cgi-bin',-domain=>$domain,-secure
+=>1);
    print header(-Cookie=>[$sessioncookie],-type=>"text/html");
[download]

but does make sense if you instead ran

    print header(-Cookie=>[$sid],-type=>"text/html");
[download]

see if i run

{
my $sname = 'CGISESSID';
my $cookie2 = $q->cookie(TSSID => $session->id );
my $sessioncookie = new CGI::Cookie(-name=>$sname,-value=>$cookie2,-pa
+th=>'/cgi-bin'-secure=>1);
print encode_entities(Dumper($sessioncookie))."\n";
}
[download]

i get

$VAR1 = bless( {
                 'name' => 'CGISESSID',
                 'path' => '/',
                 'value' => [
                              bless( {
                                       'name' => 'TSSID',
                                       'path' => '/',
                                       'value' => [
                                                    '40d64ab47d37f6c7a
+e806dc11a59f242'
                                                  ]
                                     }, 'CGI::Cookie' )
                            ]
               }, 'CGI::Cookie' );
[download]

and that just looks wrong.

and note that if i run

  my $sname=''; 
  my $cookie3 = new CGI::Cookie(-name=>$sname,-value=>$session->id,-pa
+th=>'/cgi-bin',-secure=>1);
  print encode_entities(Dumper($cookie3))."\n";
[download]

i get back

$VAR1 = bless( {
                 'name' => '',
                 'path' => '/cgi-bin',
                 'secure' => 1,
                 'value' => [
                              '40d64ab47d37f6c7ae806dc11a59f242'
                            ]
               }, 'CGI::Cookie' );
[download]

ie: a cookie with no name