Several people have pointed out that it's better to store an opaque id in the cookie, and they are right. However, the cryptography is also somewhat interesting. Your approach is vulnerable to a bit-flipping attack, which lets someone make certain modifications to the cookie even if they can't decrypt it. This is an inherent problem with CBC mode, and Crypt::CBC makes it easily exploitable.

use Crypt::CBC;
my $cbc = Crypt::CBC->new("Blowfish");
my $msg = $cbc->encrypt("foo");
print $cbc->decrypt($msg), "\n";
my $msg2 = $msg ^ (("\0" x 8) . "\4");
print $cbc->decrypt($msg2), "\n";

__OUTPUT__
foo
boo
[download]

Notice that I XORed the IV embedded in the ciphertext with 4, and that resulted in the decrypted plaintext being XORed with 4 as well. Combine this with Tweaking CRCs and you can undetectably alter the first few bytes of the cookie.

I second the recommendation for proper MACs like Digest::EMAC or Digest::HMAC. You can easily get bitten if you try to cook up your own ad-hoc scheme with CRC.