my $dbh = DBI->connect(....);
  if(my $sidcookie = browsercookie('acme_sid')) {
    if(acme_sid is in the sessions table in the database) {
      if(the ipaddr matches current, and last_access_time doesnt indicate the session timed out already) {
        update_db_last_access_time;
        return $session_object;
      }
    }
  }
  if(username/password cgi parameters exist) {
    check user authentication against database - if it flies, create a new session table entry (hash random numbers for the session id) and then...
    send set-cookie: header to browser with the new acme_sid cookie
    return $session_object
  }
  print_login_page (which submits the above user/pass cgi params)
  exit(0); (if we made it here, don't return control to the calling script)