[cgiapp] Authentication for AJAX?

[jerry]

Hello All,

    I have been using CGI::Application to run my homebrew LAMP tools for 
several years.  Now, I am starting to move away from a pure CGI 
environment to a bit of AJAX.  But I don't want to abandon CGIAPP - I 
have a large investment in server-side code that uses it.

    Getting into "a bit of ajax", I have a need to verify login status 
for AJAX requests.  The current login
for the CGI stuff is my file called "login.pm", that says "use base 
CGI::Application".  It also uses the Session and Authentication plugins. 
  I am using an SQL store for the session data.

    It's possible ( and bad! ) for an AJAX request to come in from a 
station that no longer has a current session - because it has timed out. 
  I need to verify that the station sending the request is currently 
logged in, and that the user has sufficient permission to perform the 
action.

   My first thought was to include the session ID in the AJAX request, 
and have some code that checks to see if it's a valid session.  It would 
either succeed or fail, and if it failed, it would complain via the AJAX 
reply - so the user would know that they have to go to their login 
screen to gain access.  Or the client-side javascript could just take 
them there - that's just details.

   I can't actually use the Authentication and Session plugins for AJAX 
authentication - because they're plugins.  And I don't want to have 
runmodes and all the other CGIAPP baggage for my AJAX calls.

   Ajax authentication checking would have to modify the data in one way 
- it would need to update the
"last accessed" info so my sessions wouldn't time out even though people 
were doing only AJAX stuff.

   I think the CGI::Session module should be able to handle reading & 
writing the database....
Has anybody else invented this particular wheel?

                - Jerry Kaidor