Question: Integrating session user authentication/cgi interaction with static served items

[prev] [thread] [next] [Date index for 2005/02/11]

This is a bad subject, so let me elaborate on what is going on:

I have a mod_perl webapp that handles content permissions for 
'authenticated' and non-authenticated users.
'Authenticated' users are ones with a valid session-id from a login 
subroutine.  These are not Apache style dialog box  authentication.

This works fine for cgi content, but I would like to 'protect' certain 
directories of images/templates/etc from being accessed by people who 
are not logged in.

After glancing around the mod_perl cookbook and practical mod_perl 
books, I think i can simply call a mod_perl hook to set the user as 
authenticated and (i imagine) use some sort of apache auth system.

Can anyone confirm this, and/or suggest some good approaches?

Also, shooting myself in the foot on this, In the future I would like 
to split the server into 2 processes, and httpd and httpd_perl , so 
mod_perl overheard is only used when necessary.  I can't even imagine 
any way to handle passing  the user authentication from one server to 
the other for that.  Perhaps there is some method and its not too hard? 
  or maybe there's a known hack, like embedding a 1px transparent gif 
with the right auth info so it can auth if needed?

help?!