Szekeres, Edward wrote:
It seems to be just an attempt to do what is already done in
Apache2::AuthCookie (CPAN), which encapsulates a server side authentication.
+1
Exactly.
And I would add that before you start trying to implement you own authentication logic,
you should really think twice. HTTP authentication is a lot more messy than what you
would at first think, and you should first have a look at some existing CPAN modules like
the one mentioned above, and browse the code to understand what they are doing and why. Or
just use them, they work.
Just one aspect : if the URL from which the browser "thinks" the current page is coming,
is not the one from which the page is really coming, then it also means that any
/relative/ link inside your pages is not going to work as you expect it to.
