The unique_id() function I use (pieced together from the Camel, Randal's suggestions, and elsewhere) is:

sub unique_id() {
    # Use Apache's mod_unique_id if available
    return $ENV{UNIQUE_ID} if exists $ENV{UNIQUE_ID};

    require MD5;

    # ** Note ** This is intended to be unique, not unguessable.
    my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$));
    $id =~ tr|+/=|-_.|;     # make non-word characters URL friendly
    return $id;
}
[download]

By using hexhash instead of base 64 you're also more likely to come up with ID that are safe to use (read, "no funny characters that might do something bad")