if(verify_password($username, $password)){
        # write new HTTP session
        my $session = new CGI::Session(undef, undef,
                {Directory=>"/tmp"});
        # inititialize session variables (expiry, etc)
        $session->param("~logged-in",1);        #set logged in flag
        $session->param("username",$username);  #write username in session
        $session->expires("~logged-in", "+5m"); #set 5 minute expiration

        # write sid to client cookie
        $cookie = $cgi->cookie(CGISESSID => $session->id);
        print $cgi->header(-cookie=>$cookie);

        print_success();
        exit;
        } else { print_failure(); exit;}