When you say this doesn't help, do you mean you get the same error message as before? I am assuming that the requirement is for decode_magic_token to return 0 in case of any difficulty, but please confirm if this is your desired behavior. Have you generated a 0 return value from decode_magic_token and obtained the desired result (say a user-friendly error page that you've written yourself, or whatever is supposed to happen when the user comes back with a bad token)?

I would try the eval in a smaller scope. Modifying your decode_magic_token, I might say

    my $decrypted = eval {
        LocalSites::Crypt::decrypt_string($token)
    };
    return 0 if !defined $decrypted;    
    my ($id, $username, $password) 
        = split /\|/, $decrypted;
    return $id;
[download]

Or since decrypt_string is also under your control, how about putting the eval there?