if these are cgi scripts that you're referring to, you may have a better go with your webserver's security rather than cobbling something together with perl.
If you're using apache, I'd look at their security tips, as a start.

Under no circumstances should a cookie be considered secure.

Obperl : use strict; can only help ;)