while( ! defined $cookies{'authorized'} ) {
    if( param ) {
        if( validates ) {
            # Set authorization cookie
            next;  # Auth check will pass, so this is
                   # equiv to "last"
        }
    }
    # If we get here, the user hasn't successfully validated
    # Generate auth form.
}

# To arrive here we must have authenticated: Redirect.