use CGI::Application;
my $webapp = WebApp->new();
$webapp->run();

package WebApp;
use strict;
use warnings;
use CGI::Session;
use base 'CGI::Application';

sub setup {
   my $self = shift;
   $self->start_mode('index');
   $self->mode_param('rm');
   $self->run_modes([qw(login index)]);
}

sub cgiapp_prerun {
   my $self = shift;
   my $q    = $self->query();

   my $session = CGI::Session->new(undef, $q, {Directory=>"/tmp"});

   if ($q->param('cm') eq 'Login') {
      $session->param(logged_in => 1);
      $session->param(username => $q->param('username'));
   }
   elsif ($q->param('cm') eq 'Logout') {
      $session->delete;
   }

   # Redirect to login, if necessary
   unless ($session->param('logged_in')) {
      $self->prerun_mode('login');
   }

   if ($session) {
      my $cookie = $q->cookie(CGISESSID => $session->id);
      $self->header_props(-cookie=>$cookie);
      $self->param(session => $session);
   }
}

sub login {
   my $self = shift;
   my $q    = $self->query();

   return $q->start_html(-title => 'Login')
      . $q->start_form()
      . $q->p('Username: ', $q->textfield('username'))
      . $q->p('Password: ', $q->password_field('password'))
      . $q->submit(cm => 'Login')
      . $q->end_form()
      . $q->end_html()
   ;
}

sub index {
   my $self = shift;
   my $q    = $self->query();

   my $session  = $self->param('session');
   my $username = $session->param('username');

   return $q->start_html(-title => 'Welcome')
      . $q->p("$username is logged in!")
      . $q->p($q->a({href=>'?cm=Logout'},"Log out!"))
      . $q->end_html()
   ;
}