Personally I use CGI::Session which generates an MD5 hash which is 'carried around' or used in a cookie. I have never had a problem with it ( One site I did uses around 100K session ID's per month )

jdtoronto