my $q=new CGI;
.....
$token=valid_login($q)
redirect_to_login($q) unless $token;