On Wed, 2007-01-17 at 14:50 -0800, Tracy12 wrote: > What about the security measures if we store authenticated user information > in a cookie, > > Cant we handle in the server session and and store it as a session variable. > This would be much secure?
Have you looked at the Apache::AuthCAS module on CPAN? http://search.cpan.org/dist/Apache-AuthCAS/ It seems to already support the use of session cookies. The various mod_cas modules that Google turns up also seem to support local caching of some kind. I don't mean to discourage you from writing your own if you want to learn mod_perl, but if you just want to get something working, using those might be faster. Regarding your earlier question about using basic auth with something like mod_cas, you can configure your 401 ErrorDocument to be a mod_perl handler which redirects to anything you want. So, I believe you could use mod_cas if you choose to. - Perrin
