My application has certain restriction so only users you are logged in should have access to. I want to present a login form to users who are not logged on. Once they have logged in they should only see 'log out' instead.
I am using Apache::Session to manage my cgi sessions, so to achieve this, I am thinking of sending a token with each page to the user which they will return to me whenever they request a new page. This means that each time a page is requested, I will have to test whether the user is authorised (aka logged in or not) by querying the session data. I am this will consume resources if I have to do this each time before serving a page. Any better ideas on how to tackle a situation like this? Mimi
