I have cobbled together a Quixote demo of user authentication which handles logins in a natural-seeming way. The user can log in with a form, or he can trigger the browser's login dialog by attempting to access a protected page. In a real application, a local _q_access() function would be made responsible for the authentication in protected parts of the app, but this demo at least shows how it can be done.

The quixote.demo.authsession.ptl template file (attached) is basically a hacked version of quixote.session.ptl. To rig up a CGI driver for it, make a clone of session_demo.cgi (I call it auth_demo.cgi) and edit it to publish 'quixote.demo.authsession'.

Any nonblank user ID and password will be considered valid by this demo, provided that the ID and the password are identical.

Although there is a logout feature, I have not been able to figure out how to ensure that the logout is effective and permanent without ugly hacks. The popping up of the login dialog when you log out is also annoying. If any HTTP gurus out there know how to fix this, I would be most interested to hear from you.

Jim Dukarm
DELTA-X RESEARCH
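The server side of the browser login dialog described in the post, as an added standard-library Python example; it is not the attached authsession.ptl and uses no Quixote API. The realm string and all function names are assumptions, and the credential check is the post's placeholder rule (nonblank, ID identical to password), not something to deploy.

```python
import base64
import hmac

REALM = "authsession demo"  # assumed realm name, not taken from the post


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if unusable."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and undecodable bytes
        return None
    # Split on the first colon only: the password may itself contain colons.
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def demo_rule(user, password):
    """The post's placeholder rule: both nonblank, and ID identical to password."""
    if not user.strip() or not password.strip():
        return False
    return hmac.compare_digest(user.encode("utf-8"), password.encode("utf-8"))


def handle_protected(header):
    """Return (status, headers, user) for a request to a protected page."""
    creds = parse_basic(header)
    if creds and demo_rule(*creds):
        return 200, {}, creds[0]
    # A 401 carrying WWW-Authenticate is what makes the browser show its dialog.
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}, None


def make_header(user, password):
    """Build a constructed sample header in the form a browser sends."""
    raw = ("%s:%s" % (user, password)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```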