I'm working on a fairly large web app with CGI::Application and it's CGI::Session plugin. All authentication is done through the latter, and I'd like to selectively grant access to file downloads on the basis of my database driven CGI::Session authentication scheme. What's the best way to do this?

My best idea at the moment is to have the CGI script read the files and return them after checking session authentication and permissions from the DB. For instance:

would return the file foo.mp3 with the appropriate mime type and everything. These are hour long mp3's though, and it seems as though this scheme might be problematic.