I am developing a web application that make use of the user
browser's cookies mechanism.
Then you're in the wrong place here: the closest match would probably
be comp.infosystems.
www.authoring.cgi
Once you'd worked out the strategy for what you want to do, then if
you had problems with programming it in Perl then it would be the
right time to come back here with those Perl problems.
Specifically my application will try to retrieve a session
key from the user's browser.
Wrong mental model. You don't "retrieve" cookies "from the user's
browser". If you send them one (or more): they might consent to send
them back, along with their subsequent requests. You get to read them
if they're there. Your server doesn't get to go raiding their cookie
store, in other words: the browser model is client-driven, and it
works better (for you as for them) to keep that in mind.
However I have a problem. My program
doesn't know how to handle the case when the user's browser has the
cookies mechanism turned OFF!
Take a look in the configuration options of any decent modern browser,
such as Mozilla. The user can consent to accept cookies selectively
according to the domain, they can ask to be prompted and accept or
reject eack cookie as it arrives; they can enable and disable the
sending of cookies at any moment.
If you assume, as so many beginners do, that you can just send them a
test cookie and see whether it comes back again on the next request,
and then assume that any other cookie will behave like that throughout
the whole activity, then it's likely that you'll get into quite a
mess.
This is because I don't know how to find out from perl code whether
the user's browser has cookies turned off or on??
You can't know that. So don't ask that question. Send them an
appropriate cookie (if you feel you must...*). If that cookie
subsequently arrives with a request, then it arrived and you may use
it; if it doesn't then you need to do something else. Just why it
didn't arrive is none of your business, in detail: they might have
refused it when it arrived; they might have set their browser to
reject all cookies that come from .com domains; they might have
accepted it when it came, and later decided to turn cookies off. And
so on. So stop worrying about whether (and how) they've got cookies
configured, and focus on whether cookies arrive with a particular
request.
A good choice, indeed: but it only gives you convenient access to
whatever the underlying mechanisms are capable of. Which is what
counts for the purpose of your current question IMHO.
good luck
(* you'll be aware that some users treat cookies as a privacy issue;
also, the unnecessary use of cookies inhibits cacheability and thus
makes for a less-responsive web experience).