use Digest::MD5 qw( md5_hex );

my $public_part = "username";
my $secret_key = "foobar";
my $hash = md5_hex( join ':', $secret_key, md5_hex( join ':', $public_part , $secret_key ) );
my $session_key = "$public_part:$hash";

##</code><code>##

use Digest::MD5 qw( md5_hex );

my $secret_key = "foobar";
my ( $username, $supplied_hash ) = split /:/, $session_key;
unless ( ($enc_user =~ /^[a-zA-Z0-9_\%]+$/) &&  $supplied_hash =~ /^[0-9a-fA-F]{32}$/) ){ #err }

my $hash = md5_hex( join ':', $secret_key, md5_hex( join ':', $username, $secret_key ) );
  # Compare it to the hash they gave us.
  unless ( $hash eq $supplied_hash ) { #err }