in reply to Concern with CGI::Session
If you want to authenticate users and you want to use CGI::Session, can I suggest you have a look at CGI::Session::Auth. It will do all the work for you, and it will give you an idea of how authentication with a session works.
The basic idea is that every user gets a session regardless of whether they are logged in or not. Once a user successfully logs in, a parameter is set in the session that states that this user has already logged in. So the next time that user comes back, you check in their session to see if they have logged in. If this special variable is not set, then you know they haven't logged in and you redirect them to a login form.