That's because POST data comes into the program on STDIN, as opposed to the environment table which is used for GET data ($ENV{QUERY_STRING}). STDIN can only be read once, and so the first CGI object instantiated will suck it all up.

friedo++

Also, this is why app frameworks like CGI::Application and Catalyst are pure genious. In the case of CGI::Application, one says:

$self->query

and knows he has the right object.

If a code base has this particular type of bug, I'd probably be willing to bet there is a host of other worse ones lurking. I know because I've written them :-)

At a minimum, if CGI->new is being called more than once per request there are troubles. If it is being done with the session object, (sometimes) there are serious troubles.

The session manager I use is used in production on a large quantity of computers. It has probably been debugged by more than 100 people. The following is an example usage:

CGI::Application::Plugin::Session example

Building frameworks is fun, but if you're trying to up your productivity, check out a perl web app framework.

If you didnt read the link above, at least consider the following:

http://search.cpan.org/search?query=CGI::Application::Plugin&mode=all

There you'll find a html popup dbi profiler, database driven session based auth, heck even a CAPTCHA plugin.