#!/usr/bin/perl

use strict;
use warnings;
use CGI qw(param);
use CGI::Session;

my $session = CGI::Session->new();
$session->expire('5m');
$session->param( 'TestName', 'TestValue' );
my $sessionid = $session->id;
$ENV{REMOTE_ADDR} = '127.0.0.1';
$session->flush;

$session = CGI::Session->new($sessionid);
CGI::Session->import('-ip_match');
$CGI::Session::IP_MATCH = 1;
print "IP_MATCH is turned on\n";
 
if (my $cse = CGI::Session->load($sessionid)) {
     print "Session loaded\n";
}
else {    
     die CGI::Session->errstr();
}
print $sessionid, "\n";

my $dir     = '/root/Desktop';
my $file_id = param('/id_mod');

open my $fh, '<', $dir or die $@;
my @fileholder = <$fh>;
close $fh;
print "Content-Type:application/x-download\n";
$session->flush;
[download]

All the web pages are secured using CGI Session

Thats odd, CGI::Session doesn't provide security

but I cant figure out how to protect the download files. Is there a way to hide the filenames from the user?

The same way you're protecting the pages?

Instead of having the webserver (apache) serve files, have your "pages" serve the files instead

Any suggestions would be appreciated!!

I could have sworn I've seen this wheel already, but I'd be darned if I can remember the name -- I would try looking for existing solution before inventing my own

Isn't that wheel called moodle? ;)

As long as it isn't called Blackboard... Ugh, that system is awful. Or at leat it used to be when I was in college, and I hear it hasn't gotten much better over time.