Did you read through the
tutorial? I admit that it isn't a step-by-step how-to-do-it, but it has a lot of information.
There is a subtle difference between the use of session management to maintain persistent data between web requests, and how to authenticate users. You might want to review some of the previous posts by people who were also confused by this.
Concern with CGI::Session
CGI Session question
Session / User Management
These postings were found by using the [id://Super Search] link and entering "CGI::Session". The above three links are only the most recent. There's lots more information out there!