The common or garden approach is to issue cookies to ensure data is only sent to the user who is "logged in" to your site. CGI and cookies are featured very heavily in the CGI::Session::Tutorial, CGI::Session being a popular place to find session management tools.

In addition there are the more specialised CGI::SecureState and Apache::Session.

Update: DBI is the most common Perl/Oracle interface and although the database session has to be understood as distinct from the CGI session, you can nevertheless make the CGI session available to Oracle using CGI::Session::Auth::DBI, which uses yet another authentication style.