Cookies are a pain in the rear, and fairly horribly documented. a few "features" that you will want to note:
- Cookies are placed in the header of a page. This means that the page that sets the cookie (for example, the page displayed after a login) will NOT have access to the cookie. Now, since that page is setting the cookie, it knows the information, but don't expect to be able to read it from the cookie. (For a demonstration of this, Try logging into PerlMonks, but refuse all cookies. At first it will appear that it worked, as the login page displays your login name, but later pages will not show you logged in, because they are looking for the cookie)
- Most browsers stop cookie processing as soon as they hit a cookie they don't like (written wrong, for the wrong domain, whatever). There is no indication when this happens, (except that later cookies aren't set)
- The CGI.pm documentation says in one place that PATH defaults to the script, and in another it says it defaults to blank (anywhere on the server). IIRC, it actually defaults to the script, which means that for a site-wide cookie, you'll need to set that.
- Turn remove a cookie, set the EXPIRES date to either "NOW" (I think) or some date in the past (I always use -3M )
I heavily recommend you turn on whatever "Confirm cookies" option your browser uses, and experiment. One major headache with cookies is that they don't appear in View Source, so running your script from the command line or telnetting to port 80 to try it out might be helpful.