Hello All,

Apologies in advance if this is a naive/stupid question.

I'm after opinions on the best way to handle cookie and non-cookie-based authentication. Basically I have to put together a system where visitors must log in to view protected pages. If they tick a box, the login process will set a cookie, which will authenticate them on future visits automatically. I don't need to store any other information about their session as they're just viewing normal HTML pages or performing basic admin.

The platform is Linux using a recent version of Apache with mod_perl installed.

As far as I can work out, there are two options:

Option One - Embperl's Built-In Session

I can use Embperl's built-in session management functions to check their login information and then set up a session with a long expiry time. This could then be used to log them in automatically each time they return to the website, until the cookie expires.

However, this relies on the user having cookies enabled. Although the number of people with cookies disabled is relatively small for this website, the site must still be usable without cookies, so I'd also have to provide some form of simple login, checking with the database and then authenticating the user into the Apache session.

Option Two - Use Apache::AuthCookie

Install and configure Apache::AuthCookie to handle the authentication process. As I understand it, this would authenticate the user into their Apache session and set up a cookie (if they have cookies enabled), which would allow automatic login next time they visit the website (providing the cookie hasn't expired).

My questions are:

* Which is the better solution, both in terms of setting it up and also efficiency of use?
* Have I missed anything? Is there something obvious I need to add to make this work?

Any help is very much appreciated. Sorry if this has been asked before, but I checked the list archives and couldn't find anything similar.

Toodle Pip
Sam
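
Whichever option sets the "remember me" cookie described in the message above, the cookie value has to be something the server can verify and expire on its own. The Perl below is an added example, not part of the original post and not code from Embperl or Apache::AuthCookie: it builds and checks an HMAC-signed, time-limited login ticket. The names `make_ticket`, `check_ticket` and `$SECRET` are hypothetical; with Apache::AuthCookie, one assumed wiring is to return the ticket from a subclass's `authen_cred` and verify it in `authen_ses_key`.

```perl
#!/usr/bin/perl
# Added example: signed, expiring ticket for a persistent login cookie.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a real deployment loads this key from a protected file.
my $SECRET = 'constructed-demo-key-change-me';

# Build "user:expiry:mac". Call only after the password check has succeeded.
sub make_ticket {
    my ($user, $ttl, $now) = @_;
    $now //= time;
    die "bad user name\n" unless $user =~ /\A[A-Za-z0-9_.-]{1,64}\z/;
    my $expires = $now + $ttl;
    return join ':', $user, $expires, hmac_sha256_hex("$user:$expires", $SECRET);
}

# Return the user name for a valid, unexpired ticket, undef otherwise.
sub check_ticket {
    my ($ticket, $now) = @_;
    $now //= time;
    return undef unless defined $ticket;
    # Strict parse: anything that is not exactly user:digits:64-hex is rejected.
    my ($user, $expires, $mac) =
        $ticket =~ /\A([A-Za-z0-9_.-]{1,64}):(\d{1,12}):([0-9a-f]{64})\z/
        or return undef;
    my $want = hmac_sha256_hex("$user:$expires", $SECRET);
    # Compare every character so timing does not reveal how much matched.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. 63;
    return undef if $diff;
    # Expiry is enforced server-side; the cookie's own lifetime is not trusted.
    return undef if $expires <= $now;
    return $user;
}

# Constructed sample input: fixed clock value and a 30-day ticket.
my $t0     = 1_000_000_000;
my $ticket = make_ticket('sam', 30 * 86400, $t0);
(my $forged = $ticket) =~ s/\Asam:/admin:/;   # user name changed, MAC left as is

printf "%-8s %s\n", 'valid',   check_ticket($ticket, $t0 + 60)         // 'rejected';
printf "%-8s %s\n", 'forged',  check_ticket($forged, $t0 + 60)         // 'rejected';
printf "%-8s %s\n", 'expired', check_ticket($ticket, $t0 + 31 * 86400) // 'rejected';
```

A ticket like this is a bearer credential for its whole lifetime, so the cookie that carries it should be set with the Secure and HttpOnly attributes and served only over HTTPS.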
