Fran Fabrizio wrote: > Unfortunately, there's some terminology muddling...AuthCookie calls it a > session when it establishes that a user is a valid user and sets a > cookie on their browser. Apache::Session considers a session a series > of page hits from the same user. It assumes you've already done > whatever you need to do to assure that the user is valid.
I think you may find that neither of these does everything you need without a bit of additional coding. The common way to do this sort of thing is to use Apache::Session to track sessions (as in a series of page hits from the same user), and if the user authenticates, you put his user ID into the session data. You would have to do the auth part yourself, as well as the actual cookie handling, or else hack AuthCookie to cooperate with Apache::Session. - Perrin
