in reply to
Best secure state saving in CGI application
perrin is right, and when I can't use CGI::Application and its handy Plugin::Session, I go with CGI::Session. I don't know if it's more secure, but we have used CGI::Session::Driver::flexmysql to store sessions in a MySQL database (usually because we are going with load-balancing servers and can't rely on storing them in the traditional /tmp directory).
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot