http://www.perlmonks.org?node_id=939514


in reply to How do I Implement a One-Click Login Screen on the Web?

In your "else" clause, instead of creating another form ("click here to continue", etc.), just issue a redirect (which goes to the same place your button-click takes you.)

However - there's a big problem with the way you're doing this - you're not storing the login state into a session variable. Since HTML is stateless, once someone moves past your login page, you'll have no way of remembering whether they're logged in or not. If you don't store that state somewhere, and check it on every page, then people can leap-frog your login page and get to any page they want.

Here's a link to a simple login tutorial I wrote: RFC: Proposed tutorial - simple login script using CGI::Application

That should help get you started.

Re^2: How do I Implement a One-Click Login Screen on the Web?
by rbhyland (Acolyte) on Nov 22, 2011 at 20:21 UTC

    In your "else" clause, instead of creating another form ("click here to continue", etc.), just issue a redirect (which goes to the same place your button-click takes you.)

    I have already printed my header, and as far as I can tell a redirect like this:

    print redirect(-location=>"http://my.site.org/Switchboard.cgi");

    only works if you print it before you print the header. If I do it with JavaScript I still need a button-click event to trigger it. Also, session information is in the form items and will be written into cookies on the receiving script. Cookies have to be written with the header.

      Storing session data in a cookie is a bad idea - very easy to hack. The better way is to only store a session id, then use that id to look up the actual session data on your server.

      As for the redirect - you need to avoid sending out the header info until you know which page you're going to be generating. But, another way that might work is to include a meta tag like this inside your header:

      <META HTTP-EQUIV="REFRESH" CONTENT="0; URL=http://my.site.org/Switchboard.cgi" >

      This will result in your original page loading, but then immediately redirecting to another page. Just take out all of the original content - the users will just see the page go white after logging in, then pop into the "switchboard".

      The trick is to simply delay sending your header until you know what you want to send as a header :)
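
The two points made in the thread (keep only a session id in the cookie, and hold back the header until the outcome is known) are combined in the following added example, which is not code from either poster. It assumes CGI.pm and CGI::Session are installed; the session directory, the demo account and the `is_logged_in` helper are constructed for illustration.

```perl
#!/usr/bin/perl
# login.cgi - added illustration, not code from the thread.
use strict;
use warnings;
use CGI;
use CGI::Session;

my %DEMO_USERS  = (alice => 'correct horse');   # constructed; verify salted hashes in practice
my $SWITCHBOARD = 'http://my.site.org/Switchboard.cgi';

# True only when the server-side record for this session id says so.
# Every protected page (Switchboard.cgi included) runs the same check before
# printing anything, and redirects back to the login page when it fails.
sub is_logged_in {
    my ($session) = @_;
    return $session->param('logged_in') ? 1 : 0;
}

my $q = CGI->new;

# No output so far. State is stored in files on the server; the browser
# only ever holds the opaque session id cookie.
my $session = CGI::Session->new('driver:File', $q, { Directory => '/var/tmp/demo_sessions' })
    or die CGI::Session->errstr;

my $user = $q->param('user') // '';
my $pass = $q->param('pass') // '';

if (!is_logged_in($session) && exists $DEMO_USERS{$user} && $pass eq $DEMO_USERS{$user}) {
    $session->param(logged_in => 1);
    $session->param(username  => $user);
    $session->expire('+30m');    # idle timeout for the server-side record
    $session->flush;
}

if (is_logged_in($session)) {
    # Outcome known: the only header sent is the redirect, carrying the id cookie.
    my $cookie = $q->cookie(-name => $session->name, -value => $session->id, -httponly => 1);
    print $q->redirect(-uri => $SWITCHBOARD, -cookie => $cookie);
}
else {
    # Outcome known: render the form, so send the ordinary header now.
    print $session->header(-type => 'text/html', -charset => 'utf-8');
    print <<'HTML';
<form method="post">
  <input name="user"> <input name="pass" type="password">
  <input type="submit" value="Log in">
</form>
HTML
}
```

Because the cookie carries nothing but the id, editing it in the browser cannot set `logged_in`; that flag exists only in the server-side session file.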