> Yes, do it in authen_cred() after you have checked the credentials, but before > returning the username. authen_cred() is only called when you submit the login > form.
Yes, this is what I ended up doing and it worked out perfectly. I was using AuthCookieDBI and so I've been cheating and editing that module directly but I eventually will spin my own when I get more time. It works very nicely now and I've tied the Apache::Session creation and destruction to AuthCookie logins and logouts, and I'm using the username as my Apache::Session key. All very clean now. Thanks for the help! -Fran
