my $cgi = new CGI;

This statement performs the following 
operations:

- parses the http request
  - gets the parameters and store them
    internally, so that we can use
    $cgi->param('yada') later on
  - gets the cookies and store them 
    internally
- create a CGI object
- ... (and other stuff that will happen)

my $session = new CGI::Session("...", $cgi, {...});

- the CGI::Session module tries to create a 
  session object
  - first, it checks to see if a CGISESSID
    cookie is specified in $cgi
    - if the cookie exists
      - if the session id exists in the database
        and it has not expired do the following
	- retrieve all the session parameters
	  from the database into the
	  session object
      - else create a new session with a new
        session id
    - else (if the cookie doesn't exist)
      - create a new session with a new id
      
my $cookieStr = $cgi->cookie(
  -name=>'CGISESSID',
  -value=>$session->id
);

this statement creates a string which defines 
a cookie of the name 'CGISESSID', and the value
of the this cookie is set to $session->id.

print $cgi->header(-cookie=>$cookieStr);

this statement outputs the header of the http
reply. In order to define a cookie on a client,
the cookie definition must be in the header
portion.

At this point, from the client's (browser's)
perspective, if a cookie of the name
CGISESSID does not exist, it will be created.