You need to look at using CGI::Cookie also. You're writing a cookie with the session ID in it, but you're not reading it back. Reading the session ID from the cookie is the first thing you should do. If there is no cookie/session ID, then you know it's a visitors first time - create a new session for them. If you DO find a session ID in the cookie, then they're a repeat visitor: use the ID to reload their session. Data in the session can be used to modify the page you display (i.e., if someone is logged in, display a "logout" button, else display a "login" button", etc.)