if ( form submission is login request ) { check login details, if wrong print error and quit $authreq->record_login(...username...); } if ( !$authreq->check() ) { display login form, quit if ( form submission is login request ) { check login details, if wrong print error and quit $authreq->record_login(...username...); } if ( form submission is logout request ) { die unless $authreq->mutate(); my $logged_out_user = $authreq->logout(); if (!defined $logged_out_user) { print "you are not logged in" error and quit } else { print "goodbye $username you are now logged out" and quit } } if ( !$authreq->check() ) { display login form, quit advantages of cookie - user can sort of log out by clearing cookies - sophisticated applications can have get-requests