pc88mxer, belated thanks for the first follow up.

Yes, users need to log in. I'm already using CGI::Session (via CGI::Application::Plugin::Session) to manage sessions. I'm using a session variable with expiration to keep track of their activity and time them out after certain period of time.

Here's what I'm trying to accomplish, in short... when a user's login goes inactive and they try to continue by clicking a link or submitting a form, I want to capture all the request details (ie, everything in the CGI object at the time), store it, prompt the user to reauthenticate, and then (after successful re-authentication) play back the original request using the stored request details. The whole goal is to prevent to user from losing data in form that may take a while to file in. Pretty reasonable?

I've actually got everything that worked out except for when the CGI object to be stored is from a POST that happened to have a file upload field.

I think your suggestion to store the actual POST data directly or save off the files manually (keyed by session_id) is where was headed originally. I was just wondering if I was missing something simpler. Been working on this stuff for a while, so I was afraid that I might be missing something obvious.

I'm not sure which of these two alternatives I like better:

1. If I store the actual POST data, I need to have separate routines to handle GETs and POSTs (serializing the CGI object added a nice layer of abstraction.) Getting the saved POST data back into a new CGI object is also a little tricky (but do able).
2. Scanning through the incoming CGI to save off files manually isn't difficult. Probably have to do something tricky to get files back into the CGI when its restored later. I'm pretty sure you can't do something like $cgi->param('uploadFieldName',$pathToFile). that would be way too easy.