http://qs321.pair.com?node_id=7376


in reply to How can I authenticate HTTP sessions?

There's a few different ways to track user sessions, so you'll need to assess exactly which one is best for your needs. This is covered by an entire chapter in O'Reilly's Writing Apache Modules in Perl and C. I'll recap a few of the methods that don't absolutely require mod_perl.

Hidden tags - Each page is generated via a script of some type. Store the userid and such in hidden input tags of a form. This method generally only works with a linear flow of pages.

Cookies - This is probably the quickest and easiest to implement based on what you are asking for. Once they login, set a session-based cookie (goes away when they close their browser) that marks them as logged in. Of course, if someone has cookies turned off, this one isn't going to work.

Database - Store whether they are currently logged in with a database. You have to combine this with one of the above methods to keep track of a session ID. You can also keep track of the session ID in a query string on the end of your URLs.