You need to find out exactly what is happening. I recommend that you begin a fresh session with cookies cleared from browser and browser set to ask you for each cookie. Also, use file-based Data::Dumper serialization (for transparency in observing file contents) in CGI::Session and clear out the session directory. (Clean initial condition) Finally, make sure to write the received cookie info to the error log so that you can tell when your app either sets (via browser asking you) or receives (via server error log) a cookie.

Then, go to the app and observe the cookie that is set and the file that is created. Go again to the app, verify that the cookie that was set is indeed sent back, and processed properly. Verify that the same cookie gets set again with identical session ID value.

The answer for you will be found wherever this breaks down. Good luck.