Those questions are answered in the manual, as well as in the excellent tutorial.

1. You set the directory where sessions are stored with the Dir parameter;
2. Instead of printing $cgi->header(...), you can also use $session->header(). That contains the logic for whether you need a new cookie or not.