Really, the only thing you want to store in a cookie is a sess_id. From the sess_id you can get any information you like that is stored server side.

I've only ever used CGI.pm because it is a tried and tested method, and it is *very* easy to use.

Check out this node for some info and other links on maintaining state with HTTP.