assuming you don't want to use basic or digest http authentication (aka
popup boxes, which manage this kind of thing for you) typically the second
(and future) script is kept unaware of the username/password.  instead, the
authentication script verifies the user/password and generates some kind of
session token which is then managed.  how you manage it can vary - you can
use cookies, hidden form fields, url munging or somesuch to pass it around
from page to page on the client side, then use some fancy expiration scheme
on the server side.

What I do in my L<MKDoc::Auth> module is that I have a mod_perl "optional" authentication handler which runs as a PerlFixupHandler.

The module always returns OK, but it always sets a variable $::MKD_USER which is:

* undef if the person is not successfully authenticated
* or contains the login otherwise

This means that I can access the login anywhere in the program easily.
Another nicety is that bits of your program can 'lie' about what the user is using local().
This is useful if you want to 'su' to another user within your app.


So while it's not necessarily the cleanest piece of software design, it works for me :-)


basically you want to look for documentation on maintaining state.  all of
the mod_perl books mention something about it, so it should be pretty easy
to find.  IIRC the eagle book has a good explanation of ticket-based
authentication using cookies, which is pretty simple (although I had a
difficult time digesting it all when I was a newbie myself IIRC :)


[shameless promotion follows]

With MKDoc::Auth you get:

* HTTP authentication
* "optional" HTTP authentication
* sign-up functionality
* lost password / lost login, login / logout / log as someone else
* edit your account
* delete your account

And a nice $::MKD_USER variable which you can use anywhere in your app.


-- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
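A sketch of the ticket scheme described in this message, as an added example that is not code from the post, from MKDoc::Auth or from the eagle book: the login script issues an HMAC-signed, expiring ticket, and every later script validates it without ever seeing the password. The names `make_ticket`, `check_ticket` and `equal_ct`, the ticket layout, the key and the clock values are all assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed demo key; a real deployment loads a random secret from
# protected server-side configuration.
my $SECRET = 'constructed-demo-key-not-for-production';
my $TTL    = 15 * 60;    # server-side lifetime of a ticket, in seconds

# Called by the login script once the password check has succeeded.
sub make_ticket {
    my ($user, $now) = @_;
    $user =~ /\A[\w.\@-]+\z/ or die "unsupported login name\n";
    my $expires = $now + $TTL;
    my $mac = hmac_sha256_hex("$user:$expires", $SECRET);
    return "$user:$expires:$mac";
}

# Compare two strings without stopping at the first differing byte.
sub equal_ct {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Called by every later script: returns the login, or undef.
sub check_ticket {
    my ($ticket, $now) = @_;
    return undef unless defined $ticket;
    my ($user, $expires, $mac) = $ticket =~ /\A([\w.\@-]+):(\d+):([0-9a-f]{64})\z/
        or return undef;
    # Verify the signature before trusting any field, then the expiry.
    return undef unless equal_ct($mac, hmac_sha256_hex("$user:$expires", $SECRET));
    return undef if $now >= $expires;
    return $user;
}

my $t0     = 1_000_000_000;               # constructed clock value
my $ticket = make_ticket('alice', $t0);   # goes out as the cookie value
(my $forged = $ticket) =~ s/\Aalice/admin/;   # tampered login, old signature
for my $case (['valid', $ticket, $t0 + 60], ['expired', $ticket, $t0 + $TTL],
              ['forged', $forged, $t0 + 60]) {
    my ($name, $value, $now) = @$case;
    printf "%-8s %s\n", $name, check_ticket($value, $now) // 'rejected';
}
```

Because the ticket is self-contained, logging a user out before the expiry time needs extra server-side state, such as a revocation list or a per-user ticket counter.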


