I'm going to strongly disagree. Embedding code into your formatting is wrong and grossly unmaintable. And it makes writting a 'Web application' more like writting a series of web pages that don't often interact well.

The original poster is on the right track by using a templating system. It allows for a single program to output the correct code based on its input. I have a feeling that its faster than EmbedPerl or Mason as well.

To answer the poster's question about sessions, I usually roll my own for flexability purposes. I use MySQL's MD5 function and random data to create keys and just send cookies to the user's browser. I typically create a 'login' module that checks for sessions or displays a User/Pass form. md5_hex() from the Digest::MD5 module can also be used in place of MySQL.