One thing you need to be really careful of is what you store in cookies. Since all of the data is stored on the users machine, they have free access to change it. Sure you can encrypt it and then store it, but if are having JavaScript change values on the client side, it could become a real security problem fast, if such things apply, and they usually do, in one manner or other.

Also, most browsers have options for cookies, such as Only Allow Same Site Reading, or something like that which restricts sites from accessing any of your cookies other than those placed by that sight. I don't know that this would come into play in your case, but it never hurts to know that it might.

Doing it this way would involve at least two page views in order to do anything useful. First, the user would load the page, and the cookie would be set, and the JavaScript run, and the values changed. The page would then have to be reloaded again to get the new value. That is the way I would think anyway.. there might be other ways, but none are occuring to me now.

My advice: If you can set the values in Perl and store it encrypted as a cookie.. do it that way by all means.

Never trust any data coming from the user.