non-.htaccess cached authentication recommendation
Posted on 2003-03-23
I'm creating a page into which users will log in. This web server is running on apache, on a FreeBSD machine. The pages will be created in Perl. I will be authenticating off a remote radius server using Authen::Radius. That's what I'm working with, so these details are not an option.
All of the above I've worked with before, except for the idea of caching an authentication. For example, index.html requests username and password. They log in, and now they are authenticated, and can now view all the rest of the pages and such while still being logged in.
I have used .htaccess for this sort of thing in the past, but this time I will not have a local password database with which to work. I will need to use Authen::Radius for each user authentication attempt, and I'm sort of stumped as to how to let users stay logged in, but if they close the browser, or enough time goes by, they get logged out.
What do folks recommand for this sort of thing? I was assuming it would be cookie based authentication caching. Can anyone think of any examples where the source might be available? Do I need to build a check into every single subsequent page of the website that checks and verifies the cached connection?
I'm afraid I don't know much about authentication, so it's hurting this project..