If you're going to use CGI::Session, you might want to go ahead and pull the data out of the URL, and put it into the session cookie:

$session->param('field_name', 'field_value');

If you really care about data coming directly from foo.cgi, then you should put the data into a session cookie that can expire, rather than a URL that can be bookmarked.