Another option is to create your own htauth style thing. However, I think it requires a recompile of stock Apache. There is a -D option that allows you to let HT Authentication tokens be passed through in the the $ENV{HTTP_AUTHORIZATION} variable. Some may discourage this as it opens the submitted username and password up for viewing inside the script, but it is no less secure than what you were doing with cookies. The benefit of this is that you don't have to do mod_perl (you can, we have scripts to use it and some that don't that use the same login system).

package MyAuth;

sub Authorize {

  $ENV{HTTP_AUTHORIZATION}=~/^Basic (.*)/i ){
  my $up = $1 || '';
  my ($user,$pass)=split(/:/,BASE64_DECODE( $up ),2);

  if( db_query($user,$pass) ){
    $ENV{REMOTE_USER} = $user;
    return "success";
  }else{
    print "Status: 401 Authorization Failed\r\n";
    print "WWW-Authenticate: Basic realm=\"whatever\"\r\n";
    print "Content-type: text/html\r\n\r\n";
    print "Content to be displayed on a canceled login.";
    exit;
  } 
}
[download]

Then in your cgi put the following...

#!/usr/bin/perl
use MyAuth;
MyAuth::Authorize;
# below this line I am authorized
# do whatever else
[download]

You can even write a hybrid that does cookies if they have them, and htauth if they don't (we have a hybrid system that does just that).

my @a=qw(random brilliant braindead); print $a[rand(@a)];