PerlAccessHandler via set_handlers()?

[will trillich <wi...@serensoft.com>]

thanks one and all for the pointers on cookies. i probably grok
738% more than i did, but i have a feeling it's still only 13% of
the pie. or in this case, cookie...

so how's this PerlAccessHandler, for twisted logic? hole-punching
and pitfall-warning equally welcome:

#httpd.conf
	PerlAccessHandler My::TrollUnderTheBridge
	PerlHandler Something::OrOther

#perl
	package My::TrollUnderTheBridge;

	sub handler {
		my $r = shift;

		if ( &logging_in($r) ) {

			my $h = $r->get_handlers( 'PerlHandler' );
			unshift @{$h},\&checkUser ; # do &checkUser first
			$r->set_handlers( PerlHandler => $h );

		} elsif ( &needs_login($r) ) {

			$r->set_handlers( PerlHandler => [ \&login ] );
	#		return AUTH_REQUIRED; or not ?

		}

		return OK;
	}

	sub checkUser {
		my $r = shift;
		if ( &bad_passwd( $r ) ) {
			# generate html for username/password login screen, again
			&login( $r );
			# we handled it, other handlers won't be called (right?)
			return OK;
		} else {
			$r->headers_out->add( 'Set-Cookie' => &make_ticket( $r ) );
			# let normal handler do its thing
			return DECLINED;
		}
	}

so i can keep the same url for all three stages, with no need for
preliminary cookies:

	3. valid ticket -> show web pages
	else
	2. validate user/pass -> make ticket & show pages
	else
	1. login -> get user/pass

is this sound? or am i fuxnored?

--

but then from within &login() i'd like to be able to abort, like
so--