That sounds like a bug in your program :-)

Is there a good reason you're not using the well-tested and easy to use CGI::Session? By the way, storing the username/password in a cookie doesn't buy you any extra security if you have a good session system. It'll probably even be a security risk if any of the other users manages to do a XSS attack. Some monk here has an example on his home-node, but I forgot who.

Update: remember that you can't read cookies or query parameters from a script included using SSI.