Implementing basic cookie token authorization

Added by Steph P 4 months ago


So I have an instance of lighttpd 1.4.71 running on my Linux machine and I have written a FCGI script to, given a valid login + password pair, return a response setting an authentication_key cookie on the client's browser. This works fine and well, but now I'm stuck with how to proceed with only allowing access to certain site resources if the request contains a valid authentication_key. My first idea was to have any request pass through another FCGI script that would check the authentication_key and serve the resource if valid, but I feel like there is a better way of configuring lighttpd to do this. Does anyone have any advice on what would be the best way of accomplishing this?