I would first recommend that you use cookies. Take a look at Apache::Cookie since you're alread using Apache.

If you have some reason against using cookies, you can have all of your cgi scripts (except the base) check the referrer URL and bounce them back to the login cgi if the referrer isn't your site. Of course, any decent hacker can get around this too, but it would work in the case of someone just bookmarking a lower cgi.

- - arden.