Pierre-Frédéric,
PFC> You could use apache mod_auth_tkt :
PFC> http://www.openfusion.com.au/labs/mod_auth_tkt/
I think their own description of "lightweight" is a fair summary of
mod_auth.
My own approach needs to be a more security conscious. Secure web
sessions is an area that deserves more attention. The only good source
I know is:
http://cookies.lcs.mit.edu/pubs/webauth.html
The ease with which the MIT team were able to compromise so many
leading corporate sites is sobering.
My own approach is mainly a blend of the MIT ideas, the Yahoo ideas
reported on the the latest version of the MIT paper, and the OpenACS
approach:
http://openacs.org/doc/openacs-5-1/security-design.html
But this is a bit OT here. If you want to carry on with this, perhaps
you could contact me off list?
------------------
Geoff Caplan
Vario Software Ltd
(+44) 121-515 1154