I have a bunch of web apps that use CGI::Application::Plugin::Authentication and they all function correctly with the latest versions of IE, FireFox, and Chrome on Win7, WinXP, and Ubuntu (10.04LTS and 12.04LTS).
SO... I hate to say it, but there's probably a bug in your code, not in the module. You shouldn't need to, for example, specifically call CGI::Session->new() in your run mode... I know you're only trying to reproduce the problem, but that looks weird. Assuming that you're also using CGI::Application::Plugin::Session, you only need to use $self->session(). And, assuming that your sessions are stored in a database back end, you should also be using CGI::Application::Plugin::DBH. Configuring these three to play nice with each other can be a little tricky.
Here's a link to a simple login tutorial I wrote a long time ago:
RFC: Proposed tutorial - simple login script using CGI::Application
Compare your code to my demo, especially the part that initializes the session module and the authorization module and see if you can spot any differences. That should help get you started.