cookie + session are the methods widely used on the web. use the Apache::* modules for mod_perl or CGI:: if not.

here is a good resource on web security and it covers the stuff you discussed in great detail http://www.technicalinfo.net/papers/index.html