Instead of open, you might try sysopen with the O_EXCL flag and retry if opening fails. That would only work on some operating and file systems.

Another common solution is to include pid ($$) in the filename. That should work for CGI, but you might get into trouble with e.g. mod_perl.

A complete solution would probably require some kind of locking to enclose the file creation into a critical section