Forgive me for asking yet another fundamentally basic question.
I'm cutting a web app over from PHP to mod_perl 2, and am wondering how 'best' (for which there are many flavours ...) to handle authentication.
At present I've knocked up a site that does auth via a form and state tracking with Session.pm. The form checks usernames & passwords against a MySQL database, and the state is maintained by Session. This seems quite logical to me, coming from essentially a CGI background, but the discussion of handlers around here makes me believe there's a better way?
I see threads here discussing the use of handlers, which I don't really understand how they fit into the picture, they seem to my poor understanding to be a hardcoded chunk in httpd.conf, for handling authentation/state. Is there anywhere a dumb beginers guide to how this works? Do they set environment variables or something that a script can then look for that the script can be sure is legit? Or am I completely missing the point? Do I need to buy a book? It seems really bad to go hacking into httpd.conf, but maybe that's just my old-school conservatism?
for now I'm continuing with my form based authentication, but is there a 'better' way? And if so, what makes it better?
Carl
