While your "round peg into a square hole" solution might work, you could actually just do it by the book and be done with it. Square peg, square hole and all that.

The gist of it is that you need a page or script that generates a "401 Unauthorized" error. This is a message to your browser that it should prompt for authentication, and then you can go back to doing whatever you wanted.

This can be done through CGI.pm using the standard header method, such as a script called "logout.cgi" which has the following statement inside it:

print $q->header ( -status => 401 );

When they run the script again, you should redirect them using $q->redirect() to the main page.

To figure out when this script has been run the first time (i.e. logout request) and the second (i.e. redirect request), you will have to track who ran it, and from where, using some method, which could be as basic as temporary files, or a database column if you have such a thing available.

One trick that I once used was something like this. The page had a link to "logout.cgi?sess=4190141041&page=/home" where the stuff on the end was some random number. The "logout program" looked something like:

use strict;
use CGI;

my $q         = new CGI;
my $lock_dir  = "/tmp/lock";
my $other_url = 

my ($sess) = $q->param{sess} =~ /^(\d+)/;

if (-f "$lock_dir/$sess.logout")
{
      # Check for stale lock files here, too,
      # such as all those over 1 day old.

      # Remove this particular lock file
      unlink ("$lock_dir/$sess.logout");

      print $q->redirect ($q->param{page});
}
else
{
      # Create a zero byte lock file for this session
      open (LOCK, ">$lock_dir/$sess.logout");
      close (LOCK);

      # Return a refused message which causes the
      # browser to prompt for authentication.
      print $q->header ( -status => 401 );
}
[download]