Of course you can't do it AFTER the header is output, the cookie is set as PART OF THE HEADER! The cookie has nothing to do with your login form, it holds a small amount of information that you give to it.

if cookie doesn't exist {
  if form input { #process form input
    validate
    if validate succeeds {
      generate cookie
      output new headers and success page
      exit
    }
  } else {
  generate headers (without cookie)
  generate form
  output all that
}
[download]

Well thats one logic for it! Maybe a bit twisted as it is very late here. But YOU control the cookie.

I would suggest you find a good CGI course, there is a lot of good CGI stuff in the tutorials listed on this site. Anything which explains cookies will explain just how to go about doing this - the go and read the documentation for the CGI module on CPAN, or get the book "Official Guide to Programming with CGI.pm", it is all clearly explained in either place.

jdtoronto