First thing first: print header(-cookie=>'sessionID') prints a header like this:

Set-Cookie: sessionID
Date: Mon, 04 Aug 2003 02:50:03 GMT
Content-Type: text/html; charset=ISO-8859-1
[download]

Which I believe is not what you were hoping for. Use cookie() to return something that will work. Now here is your program in pseudocode:

1. Check for a cookie by the name of sessionID. If it is something that can be evaluated as true, welcome them like your long lost puppy named Cocoa.
2. Print a header which is the only place from which one may set a cookie and start the html. Proceed as if nothing that should set off fireworks in your mind just happened.
3. Print a form.
4. Check to see if any parameters exist. If they do:
   1. import md5, md5_hex, and md5_base64 from Digest::MD5. Of course, only md5_hex is used but he needs friends :)
   2. Read in and set variables for parameters username and password, not bothering to see if they're set to anything.
   3. Produce an md5_hex hash of the password given.
   4. Check to see if a login entry exists for the username supplied and check to see if the entry matches the md5_hex hash of the password provided.
   5. If so, welcome them to valhalla! (...even though we just printed out a form asking for login credentials). Create a cookie whose contents will never be placed in the header since the header has already been written to the browser.
   6. Drink a beer, this snippet is done.

You may notice the emphasis on part 2 and part 4.5. The cookie MUST be placed within the header. Check everything prior to printing the header.

Update: Ugh...sarcasm...*sigh*. So you know I'm not a bad guy:

my %options;
my $cookie;
if (cookie('sessionID') && checkSessionID(cookie('sessionID'))) {
  $cookie = cookie(-name    => 'sessionID',
                   -value   => cookie('sessionID'),
                   -expires => '+1h',
                   -path    => '/');
}
# you may notice I don't use -secure=>1...this is because
# you require an ssl certificate to be present for the
# cookie to work (although not all browsers really follow it)
elsif (param('username') && param('password') && checkUserPass(param('
+username'),param('password))) {
  $cookie = cookie(-name    => 'sessionID',
                   -value   => makeCookie(param('username'),param('pas
+sword)),
                   -expires => '+1h',
                   -path    => '/');
}
$options{"-cookie"} = $cookie if $cookie;
print header(%options),start_html;
# now if $cookie is set, print stuff as if they're logged in
[download]

Hope this helps.

antirice    
The first rule of Perl club is - use Perl
The ith rule of Perl club is - follow rule i - 1 for i > 1