The headers from an SSI are mostly ignored, except that they have to be valid (and might contain an internal redirect, which is processed). They don't leak through into the return HTTP reply, so you can't set cookies from there.

If you need to set a cookie, you need to have the page control the header somehow... so either generate it from CGI, or something cooler, like HTML::Mason or Template.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.