It may be a performance improvement, based upon not having to shuffle multiple requests back to the calling environment (ie, perl layer for doing session management). It may also be better in that you can put a layer of SQL security over the data structures so that they can only be utilised using these procedures, and not directly manipulated (ie, nothing else can add, delete or update session or login information); grant execute prives on the functions, and nothing to the tables. You probably want access to the user table though, but with column level privs you can hide the password and password_previous fields.

James Bromberger, http://www.james.rcpt.to