Hi Richard, Personally I've never used cookies much before, and I'm prejudiced against them. They are a very good and expedient method of session tracking, espcially with packages like Apache::Session, but I have always chosen to do my own session management. Remember there are 3 ways, rewritten URLs, cookies and hidden feilds.
an overview
Personally I favour serverside session objects to cookies and using a url rewritten session ID. If you implement this yourself you will have a much clearer understanding of what is gong on and more control. But don't fall into the trap of inventing your own obscured method for generating IDs if you want any kind of security from session hijacks. Just like everyone thinks they can write a cunning new encrytion algorithm they think theres a novel new way to do this, stick with standard methods.
So, in a nutshell, if you are prepared to experiment with non-cookie methods I would do that. For one thing it would solve your multiple window problem if you allow a range of valid ID's instead of relying on one cookie value. Best of luck,
Andy