On Fri, 5 Apr 2002, Geoffrey Young wrote: > > Since the authentication happens on every trip into the server, and I > > don't want to run my code (to set up an Apache::Session for the user's > > session data) until I'm sure I have a valid user on my hands, I can't > > see a way to do the session setup only the first time after a sucessful > > login. > > can't you do this in authen_cred()? IIRC authen_cred is only called when no > cookie is found, which means you have a first time visit (or an unsuccessful
Yes, do it in authen_cred() after you have checked the credentials, but before returning the username. authen_cred() is only called when you submit the login form. Regards, Michael Schout (AuthCookie maintainer).