I rolled my own Application Framework - why? because of the experience gained.

It really isnt very difficult to get right. I've created a superclass that inherits from cgi::application that implicitly manages sessions and access control (in a secure manner, using "non determinate" tokens and a postgres backend.

All a programmer has to do is use base 'AppFrame' and write their application in a cgi::app style, add it to the database (for access control et al), and wuh-lah the applicaton is visible.

The authentication scheme is such that if i wanted to change to ldap, rather than an RDBMS, i just write another module with the same methods, and switch it over... nice and simple... ;-)