#!/usr/bin/perl
use warnings;
use strict;
use CGI::Carp qw(fatalsToBrowser);
use CGI qw/:cgi/;
use Data::Dumper;
use CGI::Session;
my $query = new CGI;

my $session = new CGI::Session(undef, $query, {Directory=>'/tmp'});

$session->param('username');  #from log-in form
$session->param('logged-in',1);
$session->expires("logged-in", "+1m");

my $cookie = $query->cookie(CGISESSID => $session->id );
print $query->header(-cookie => $cookie);

---------------

my $session_id = cookie('CGISESSID');
my $session = new CGI::Session(undef, $session_id, {Directory=>'/tmp'});

if ( !$session->param('logged-in') ) {
   log_in(); #force them to re-log-in
}

my $username = $session->param('username');

#continue...

##</code><code>##

my $s = CGI::Session->load($session_id);
if ( $s->is_expired ) {...