User submits password 
                      |
                    valid?
                      |
            +----Y----+-----N----+
            |                    |
        write new              login                   
      CGI::Session            screen
       and cookie
            |
      next TMPL screen
          output 
            |
       user selects
      different page
            |
     back to index.cgi
            |
     check for session
            |
    +---Y---+-----N----+  
    |                  |
 write new           login                   
CGI::Session         screen
 and cookie
    |
sessionid ok
but params gone!  
    |
new TMPL page
  output

##</code><code>##

sub set_session {
   my $session = new CGI::Session("driver:File", $query, {Directory=>'/tmp'});
   $session->param('user_name', $user_name);
   $session->param('user_id', $user_id);
   $session->param('logged-in',1); 
   $session->expires("+15m");
	
	my $cookie = $query->cookie(CGISESSID => $session->id );
	print $query->header(-cookie => $cookie);
}

sub get_session {
   my $session_id = cookie('CGISESSID');
   my $session = new CGI::Session("driver:File", $session_id, {Directory=>'/tmp'});
   
   if ( !$session->param('logged-in') ) {
      show_login();
   } else {
      $user_name   = $session->param('$user_name');
      $user_id     = $session->param('$user_id');
	}
}