I do a duplicate check (though I'm more likely to hit the lottery (and I don't even play it) than hit a duplicate key) and I delete the keys every day with a cron job. I also set the cookies to expire when the browser session ends (though you can get around this with LWP).

Is linux/perl good enough at generating random numbers that this scheme I have is secure? Can someone, somehow predict future keys?

I don't mind rewriting my code, if it's necessary.

-Any sufficiently advanced technology is
indistinguishable from doubletalk.