This is a bad subject, so let me elaborate on what is going on:
I have a mod_perl webapp that handles content permissions for 'authenticated' and non-authenticated users.
'Authenticated' users are ones with a valid session-id from a login subroutine. These are not Apache style dialog box authentication.
This works fine for cgi content, but I would like to 'protect' certain directories of images/templates/etc from being accessed by people who are not logged in.
After glancing around the mod_perl cookbook and practical mod_perl books, I think i can simply call a mod_perl hook to set the user as authenticated and (i imagine) use some sort of apache auth system.
Can anyone confirm this, and/or suggest some good approaches?
Also, shooting myself in the foot on this, In the future I would like to split the server into 2 processes, and httpd and httpd_perl , so mod_perl overheard is only used when necessary. I can't even imagine any way to handle passing the user authentication from one server to the other for that. Perhaps there is some method and its not too hard? or maybe there's a known hack, like embedding a 1px transparent gif with the right auth info so it can auth if needed?
help?!
