It looks fine to me.

Note that CGI::Session can do much of that work for you, for example session storage and expiration.