You can only achieve this securely with your operating system's permission system.

For example your CGI script could generate random session IDs and store them in a database or flat file and passes it to your non-CGI script, and your non-CGI script checks that resource (DB/file) if that session ID is present, and deletes it (to ensure it's used only once).

But if you want the scheme to be secure, you have to make sure that no other user on the system can read or write that file/DB - and that's the task of your operating system. For example on unix you'd have to run the apache process that starts the CGI under a special user, and all other users are not allowed to read/write that file/DB.

Thinking a bit more of it, perhaps you can just check the user ID - nobody but root and Apache can run a script under Apache's UID. (If your potential attacker has root access, you're lost anyway).