I will be running a cgi script on a server that will require basic authentication

Why not just use HTTP authentication? Generally re-inventing your own authentication system is unnecessary when HTTP has one built in.

You might still want a cookie to maintain session state if you're anticipating that one user may log in from more than one location, but that's now a more manageable goal when authentication is removed from that requirement.