I think that you need to do some online research to better understand exactly how cookies work in the HTTP protocol ... “for the moment, at least, ‘never mind Perl.’”   Don’t keep staring at that piece of code:   get the surrounding picture.   It will be very helpful for you to use a web-browser debugger, such as the Firebug add-on for Firefox or the built-in debuggers of IE or Opera, to allow you to watch the HTTP traffic that is actually passing between your machine and the server.   With these tools, you can see the content of the HTTP headers of both the request and the reply:   the set-cookie directives and the subsequent inclusion (or not... oops...) of the cookie value in subsequent exchanges.   Whether the data is being sent via GET or POST or both, “there it is ... what went out, and what came back ... ping and pong.”   Reset the browser and clear all cookies with each test (the debuggers provide this with a button-click).

My educated guess is that the root cause of the problem won’t turn out to be “in the Perl code per se at all,” but rather in exactly how the code you’re looking at, and/or the code which surrounds it, is interacting with the server and thence with the client.   You might be looking at the right thing now, or you might be looking at a red herring.   No way to know yet, but you can find out.   The best way to identify exactly what is the bug that you are searching for, is, as I said, to watch the actual back-and-forth HTTP exchanges that the existing code is now producing; rightly or wrongly.   Once you can say, “there is the incorrect exchange,” you can find its root cause straight away in whatever source-code and/or configuration file it ultimately might turn out to be.   “You learn a lot by watching.”

HTH ...