# load CGI information
$cgi = new CGI;
 
# load session (from cookie) or create new one if not found 
if ($session = new CGI::Session(undef, $cgi, {Directory=>$SESSION_DIR})) {
   # expire after 10 minutes
   $session->expire('+10m');
	   
   # set cookie
   $cookie = $cgi->cookie(-name    => "CGISESSID",
	                  -value   => $session->id,
			  -expires => '+1h',
		          -secure  => 1);
   print $cgi->header(-cookie=>$cookie);

   # print opening HTML
   print $HTML_OPEN;

   if (defined $session->param('authentication')) {
      # user is authorised - allow access to site
      print "Welcome back"; # D

      ...
   } else {
      # authorise user
      if (&authorise_user) {
	 print "Welcome";
	 # set user info in session file
	 &log_state($session, 'authentication', 'passed')
      } else {
         print "You are not welcome";
      }
   }