$session->param( -name => "can_access", -value => 1 );

#sometime later, likely in a different request...


if($session->param("can_access")) {
#show secret page
} else {
#not allowed to see secret page
}