The most robust thing to do is to place one unchanging cookie into the browser, then make all your state changes by tying that cookie into a time-limited login session on server side. I illustrate that point in the oft-referenced cookies article, including sample code. Someone even coded that into a module, but I can't remember where it is now.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.