Perhaps try something like this in your cgiapp_prerun():

sub cgiapp_prerun 
{
    my $self = shift;
        
    # Make CGI params avail
    my $q = $self->query();

    # Open existing session (from cgi cookie id) or open new session
    my $session = new CGI::Session(undef, $q, {Directory=>'tmp'});
    $session->expire('+1h');

    # Set Cookie containing session id    
    my $cookie = $q->cookie(CGISESSID => $session->id);
    # C::A method to send send HTTP properties directly to CGI.pm head
+er
    $self->header_props(-cookie => $cookie);

    # Reset some session, C::A, & CGI params if user just logged out
    if ($q->param('rm') eq 'logout') 
    {
        $session->param('logged_in'         => 0);
        $self->prerun_mode($self->param( 'default_rm')); 
        # Reset other params
    } 
        
    # Make session params available to other subs & modules
    $self->param(session => $session);    
}
[download]

I dont know much about CGI::Application, but with CGI, what youre saying sounds easy.

Cookies seem to be your solution. When a user signs on, give 'em a cookie which expires when the browser closes. Have your CGI(s) be cookie-aware and all sounds like it should be well.

Look at the docs for the CGI::cookie function.