in reply to Best practices for secure persistent login?
The common practice is to use a unique ID and use an SHA1 digest with a secret salt to prevent tampering with the ID. No need to build your own when CGI::Session is already there.
In Section
Seekers of Perl Wisdom