The most secure system I have used for this type of scenario is a piece of OS software by the name of Interchange. It is touted as predominately an eCommerce solution but is actually a very good 'content management' system with eComm facilities built in. Supports either flat file or SQL Db management for the backend and utilises session management by creating a flat file filehandle for storing any arbitrary data that is desired. It may be a little OTT for your application but I would advise a quick look anyway as you may find some of the features to your liking. My main reason for suggesting this S/W is that it is incredibly secure and written in Perl... YMMV.
Update: typos fixed.