You can roll your own with DBI (and your favorite DBD::), Digest::MD5 (to generate your session ids... just one way to do it), and Data::Serializer. I use these together in a custom session object that follows the same flow as you have.
- create and store session id with browser(through cookie, url, or hidden form fields)
- use session id as map to key/identity in your db store
- serialize your data structure with Data::Serializer right into the db
If you can't map the session id, assume its a new session and regen a new session id. You should track your session data by last access time (so your write/commit method might update a timestamp for example).
With Data::Serializer, you can get fancy and have deep nested hashrefs and blessed objects. Be careful though that your blessed objects are refreshed when thawed. Otherwise you will have a good long time debugging stale data. =]