CGI Authentication form passthrough question

[David Rock]

Hi all,

I am trying to write a CGI script to check authentication for a website, but I have a problem.

Right now, I can take form input for the original username/password combination just fine. I also have no problem checking the input for validity. The
problem is that when I verify the user, I want to allow them to see the resulting HTML for the rest of their session, not just the first round of HTML
right afterward.

Here's an example:

user goes to www.foo.com/cgi-bin/protected-site.py which displays a simple form for un/pw input.

form submission verifies un/pw and displays new HTML that is also an input form.  I currently have this set up <-- here's the problem.

How do I make this form submission and all subsequent submissions display based on a verified un/pw? Right now, all someone would have to do is remember
the URL after the login stuff and they wouldn't need to worry about it. (I thought of using if __name__ == '__main__' to verify that the cgi being
accessed by the form is not the main process, but sometimes it should be)

Couple ideas I had were:
1.  Initial login starts a parent/child process where the parent keeps track of the authentication for the child (cool, but how? As soon as the next
form activates a cgi script, the new cgi has no relationship to the original parent process)
2.  Write a file with a random key value that gets passed along as a hidden item in a form. When the form runs the next cgi script, it looks for the key
value in the file and compares the two. Since this would be a date-based seed, the key would always be different (but how do you know when to get rid of
the key file? The process would be dead as soon as the HTML is generated)

Thanks for any ideas

-Rock
rockdw at bigfoot.com