Christian Gilmore wrote:
  1. Read data from existing cookie.
  1a. Redirect if cookie is non-existent.
  2. Accept or reject cookie.
  2a. If rejected, redirect.
  2b. If accepted, populate environment and return.
Sounds to me like you really don't need AuthCookie at all. You could just as easily do all of this by writing a PerlAccessHandler that does the above things.

I'll second Perrin's comments. You definitely have security problems with this. The only way to do this securely is to cryptographically sign the cookie and to encrypt the data on the wire using SSL.

Mike
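
One way to apply the signing recommended above to the quoted steps 1 to 2b, as an added example that is not part of the original message. The cookie layout `user:expiry:mac`, the placeholder secret and the function names are assumptions; in a PerlAccessHandler the two verdicts would map onto a redirect and an OK return.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: placeholder secret; keep the real one server-side only.
my $SECRET  = 'constructed-placeholder-secret';
my $USER_RE = qr/[A-Za-z0-9_.-]+/;   # no ':' so the fields cannot be confused

# Issue "user:expiry:mac"; the MAC covers the user and the expiry together.
sub issue_cookie {
    my ($user, $ttl) = @_;
    die "bad user name\n" unless $user =~ /\A$USER_RE\z/;
    my $expires = time() + $ttl;
    return join ':', $user, $expires, hmac_sha256_hex("$user:$expires", $SECRET);
}

# Compare without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Steps 1 to 2b: returns ('redirect') or ('ok', $user).
sub check_cookie {
    my ($cookie) = @_;
    return ('redirect') unless defined $cookie;                    # 1a: no cookie
    my ($user, $expires, $mac) =
        $cookie =~ /\A($USER_RE):(\d+):([0-9a-f]{64})\z/
        or return ('redirect');                                    # 2a: malformed
    my $expected = hmac_sha256_hex("$user:$expires", $SECRET);
    return ('redirect') unless constant_time_eq($mac, $expected);  # 2a: altered
    return ('redirect') if $expires < time();                      # 2a: expired
    return ('ok', $user);                                          # 2b: accepted
}

# Constructed sample values: a valid cookie, an edited copy, and no cookie.
my $good = issue_cookie('alice', 3600);
(my $edited = $good) =~ s/\Aalice/admin/;
for my $c ($good, $edited, undef) {
    my ($verdict, $user) = check_cookie($c);
    printf "%-8s %s\n", $verdict, defined $user ? $user : '-';
}
```

The MAC only makes the cookie tamper-evident; the value still travels in the clear unless the connection uses SSL.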


