I've not used WWW::Mechanize before, but I have done something similar to what you are looking for using Net::SSLeay

My webserver sent a sessionID variable which was required for all POST requests (this is sent only for the first page, and is verified for all subsequent POST requests sent). After posting to the initial page, did you check for any <form> embedded in the resultant html ($contents in your code). With my webserver, each post request would result in an HTML with another <form> element in it, and using the same cookie, I was able to sent a post request to the CGI script embedded in the HTML.

I would check for some kind of cookie/sessionID being sent by the server with the initial HTML...