in reply to CGI::Session login problems

This is potentially dangerous. 
$ipaddr = $s->param('_SESSION_REMOTE_ADDR');
$hostname = qx#host $ipaddr |awk {'print \$5'}#;

[download]
Turn on -Taint, then untaint $ipaddr, like 
$ipaddr = $1 if $s->param('_SESSION_REMOTE_ADDR') =~ /([\d.]+)/;

[download]

In Section Seekers of Perl Wisdom