in reply to
CGI::Session keeps re-using same session ID
In addition to the admonition, “do not do a thing already done,” session handling code normally does not rely particularly on the browser to keep or not-keep the cookie. Instead, it deletes the database-record corresponding to that cookie value. The user is considered to be “logged on” only if the cookie in some way corresponds to a database record that exists and that says the user is logged on. Even if the same session-ID cookie somehow keeps coming up again and again, what matters is what is happening on the host.