in reply to Cookies on Apache vs cookies on IIS

I think you have a silent typo. Try changing     -expire => '', to     -expires => '', and double-check what '' means as an expire time. My quick read of the CGI pod doesn't say anything about this being legal, and a glance through the code suggests that you're not going to be sending an Expires header. Are you sure this is what you want?