Apache::AuthCookie or Apache::AuthDBI or Apache::???

[Kenneth Frankel <ke...@atsbank.com>]

What's the best way to authenticate users?  I have a site where the entire 
site is to be protected. I want to log users in at the front of the web 
site, and keep them logged in as they travel around.   I was trying to get 
AuthCookie to work but haven't been successful so far.  Should I continue 
down this route?  Is Apache::Session + AuthBasic better?  Or is AuthDBI?  I 
have a mysql database handy.  What's the most popular Auth method 
nowadays?  Is there a popularity/usage chart compiled anywhere?

Thanks in advance!

Kenneth

Re: Apache::AuthCookie or Apache::AuthDBI or Apache::???

[Vivek Khera <kh...@kciLink.com>]

>>>>> "KF" == Kenneth Frankel <ke...@atsbank.com> writes:

KF> What's the best way to authenticate users?  I have a site where the entire 
KF> site is to be protected. I want to log users in at the front of the web 

For a site whose contents are entirely protected, I'd use basic auth
with a cookie override.  That's what I've done in the past.  Neither
of these require perl or mod_perl, though.

See the apache module registry at www.apache.org for references to my
mod_auth_cookie which tricks Apache into converting a cookie into a
basic auth header.  How you set the cookie is up to you...

How you authenticate depends mostly on your needs of maintaining the
database.  I've used flat files with htpasswd, dbm files with htpasswd
and my own home brew scripts, and MySQL tables with my own scripts.

None of these require mod_perl, either, but you can use mod_perl based
versions of the necessary authentication modules.