Same and more questions ... > And now second problem. Has anyone modified one of these modules so, > that when user first enters the site he will get a cookie immediately > (with random generated ID) and can walk around there. And if he logs in > then the cookie gets modified accordingly (saying that user is logged > in).
I've got the same problem, as I'm using Apache::Session for generic cookie handling. Which is comfortable and on top I've got any session values stored in mySQL table. Then I wanted to build in my old style login,storing an loginflag to the actual session. When a secured page/file/component/location is requested and no loginflag is around he will be promted with a login page. So far so easy. Then I started to think ... a) Is the sessionkey of Apache::Session secure? Can it be tampered? Is some IP init? b) Could I use one of the existing Auth/Ticket modules working in the cookie of Apache::Session ... the same questions. BR Christian