in reply to Cookies & Encryption

To encode:
    use Digest::MD5 qw( md5_hex );

    my $public_part = "username";
    my $secret_key  = "foobar";
    my $hash = md5_hex( join ':', $secret_key,
        md5_hex( join ':', $public_part, $secret_key ) );
    my $session_key = "$public_part:$hash";
To decode:
    use Digest::MD5 qw( md5_hex );

    my $secret_key = "foobar";
    # $session_key is the value read back from the cookie.
    my ( $username, $supplied_hash ) = split /:/, $session_key;
    # Check the shape of both parts before hashing anything.
    unless ( ( $username =~ /^[a-zA-Z0-9_\%]+$/ )
        && $supplied_hash =~ /^[0-9a-fA-F]{32}$/ ) {
        # err
    }
    my $hash = md5_hex( join ':', $secret_key,
        md5_hex( join ':', $username, $secret_key ) );
    # Compare it to the hash they gave us.
    unless ( $hash eq $supplied_hash ) {
        # err
    }
I would also percent-encode/decode your cookie data before/after your md5.
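
The percent-encoding suggestion combined with the encode and decode steps above, as an added example that is not part of the original post. The sub names, the set of characters that get encoded and the sample username are assumptions, and usernames are treated as byte strings.

```perl
use strict;
use warnings;
use Digest::MD5 qw( md5_hex );

my $secret_key = "foobar";    # placeholder key from the post

# Percent-encode everything outside [A-Za-z0-9_], so a ':' in the username
# can never reach the cookie and confuse the split on decode (byte strings assumed).
sub pct_encode {
    my ($s) = @_;
    $s =~ s/([^A-Za-z0-9_])/sprintf '%%%02X', ord $1/ge;
    return $s;
}

sub pct_decode {
    my ($s) = @_;
    $s =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
    return $s;
}

# The nested MD5 from the post, computed over the encoded form.
sub cookie_hash {
    my ($enc_user) = @_;
    return md5_hex( join ':', $secret_key,
        md5_hex( join ':', $enc_user, $secret_key ) );
}

sub make_session_key {
    my ($username) = @_;
    my $enc_user = pct_encode($username);
    return "$enc_user:" . cookie_hash($enc_user);
}

# Returns the decoded username, or undef if the cookie is malformed or altered.
sub check_session_key {
    my ($session_key) = @_;
    my ( $enc_user, $supplied_hash ) = split /:/, $session_key, 2;
    return undef unless defined $supplied_hash
        && $enc_user =~ /^[a-zA-Z0-9_%]+\z/
        && $supplied_hash =~ /^[0-9a-f]{32}\z/;
    return undef unless cookie_hash($enc_user) eq $supplied_hash;
    return pct_decode($enc_user);    # decode only after the hash matched
}

my $cookie = make_session_key("bob:admin");    # constructed sample username
( my $forged = $cookie ) =~ s/^bob/eve/;       # public part edited, hash kept
print "cookie: $cookie\n";
print "valid cookie user: ", check_session_key($cookie), "\n";
print "forged cookie: ", ( defined check_session_key($forged) ? "accepted" : "rejected" ), "\n";
```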