I agree that CGI::Session is the way to go - but please note that ideally all you should store in the cookie is the session ID - all other data will be stored server-side (in a file, in a database, etc.).