When I need to share authorization code between different C::A applications, I put the necessary code in the cgiapp_prerun() method of a base module; then every application use that module and inherits everything needed, including some common run modes (i.e. login, login_failed, etc). BTW, this is also the suggested solution in CGI::Application documentation.
The following is a stripped down example from my code:
package MyApp::Base;
use base 'CGI::Application';
sub cgiapp_init {
my $self = shift;
# init your application: session, database, whatever is needed
...
# set the name of the run mode CGI param
$self->mode_param('rm');
# shared run modes
$self->run_modes('login' => 'login',
'AUTOLOAD' => 'autoload_exception');
return;
}
...
sub session { return shift->param('SESSION'); }
...
sub cgiapp_prerun {
my $self = shift;
my $runmode = shift;
my $user = $self->session->param('user');
unless ($user) {
$self->prerun_mode( 'login' );
}
}
Then in your application you only need to say:
package MyApp::Application1;
use base 'MyApp::Base';
...
and your application will be accessible only to authorized users.