#! /Perl
use strict;
use warnings;
use lib '.';                      # perhap needed if using IIS on NT/Win2K
use CGI qw(:standard remote_addr);

my $unique = $ENV{'REMOTE_ADDR'}; # caution: forgable
 $unique =~ s/\./_/g;
my ($expired) = 0;

tie my $session, "session_track", "C:/TEMP/$unique.txt";
&login if (defined($login));      # assuming $login is passed as a param 
&check_timeout;                   # call this in all programs you wish to do session tracking on

sub login {
 $session = time;
}

sub check_timeout{
 my $now = time;
 $expired = 1 if (($now-$session)>600) # 10 minute timeout
}

if($expired) {
   print header();
   print h3('Session timeout. No soup for you')

} else {

   # serve the soup ... your code here and then finish it with:
   $session = time;          # that is, reset the timeout with each new activity
}