Apache::AuthExpire module for use with a mod_perl enabled web server.

Most Recent Modification:  07/29/2004

Copyright (c) 2001 Jonathan J. Horner. All rights reserved. This program is
free software; you can redistribute it and/or modify it under the same terms as Perl itself. 

1.  Purpose

As the title suggests, this PerlAuthenHandler will provide a means to set a server wide timeout
system for servers that contain sensitive data.  It uses file modification times to determine when 
the last access_controlled request was made, and returns HTTP_UNAUTHORIZED if the timeout limit has
expired. It follows the rules of the Authentication phase and standard PerlAuthenHandlers.

2.  Usage

	The usage is pretty simple:
		1.  a. Install module using 'perl Makefile.PL && make && make test && make install'.
		    b. Manually create an 'authexpire' directory in the <SERVERROOT>/logs directory,
		       and give the web server user, (ie nobody), read/write access to it.

		    (INSTALLATION NOTE:  This Makefile.PL uses ExtUtils::AutoInstall to check for the
		    existence of modperl on your machine.  It is important to note that you should 
		    not allow the Makefile.PL to install modperl from CPAN if you are planning to 
		    use modperl2.  Reason:  modperl2 is not yet available from CPAN.  You will need
		    to download modperl2 from http://perl.apache.org and compile it yourself...)
		   
		2.  Place the following lines in your <SERVERROOT>/conf/httpd.conf file, where appropriate:
			PerlAuthenHandler Apache::AuthExpire
			PerlSetVar  DefaultLimit <number of seconds for default timeout>
		3.  The following lines allow site maintainers to manipulate timeouts, the location
		    of the timeout file directory, and allow the use of a secondary authentication
		    handler. These are optional in the .htaccess file:
			PerlSetVar TimeFileDir '/path/to/alternate/timefile/dir'
			PerlSetVar AllowAlternateAuth yes
			PerlSetVar TimeLimit <number of seconds for this directory timeout>
			PerlSetVar TimeoutPurge <minutes>
		4.  The following line, optional in your httpd.conf file, will turn on debugging reports to
		    your error_log:
			PerlSetVar TimeoutDebug 1
		5.  After setting these variables, all directories will be subject to the PerlAuthenHandler 
		    if a .htaccess file is present. AuthType must be set to 'Basic', AuthName defined, and 
		    at least one 'require' directive defined.
		6.  Stop and restart the web server.

3.  Contact Information

	I can be reached by email at speeves@erikin.com.  
	Home page is http://search.cpan.org/~speeves/. 
	Please send any bug reports to me at the above address.

4.  TODO List

	* Add status codes to time files so that more intricate options can be added
	* Rewrite so that instead of a 401 status response being returned(which isn't handled 
	  well by all browsers), the serve will respond with a html page allowing another login.  
	  This page will have to be addressed by browsers and should work better than a '401'.

	  (SHANNON NOTE: This module does not timeout for either Konqueror, Netscape 7.0 or Mozilla browsers...
	  Hmmm.... Does seem to work with IE and lynx... I haven't researched it completely, but it 
	  seems that HTTP_UNAUTHORIZED is not sending the 401 Unauthorized that the mozilla/netscape and
	  Konqueror browsers are expecting. JJ points to the modperl docs for explanation.) 
	* Generate better method of creating <SERVERROOT>/logs/authexpire directory  

5.  Credit Goes to:
	- plaid from perlmonks.org (http://www.perlmonks.org/index.pl?node=plaid) for debugging code and 
	  general help.
	- merlyn (Randal Schwartz) from perlmonks.org (http://www.perlmonks.org/index.pl?node=merlyn) for
	  general help and support.
	- Brandon Willis <brandon@silverorb.net> aka bcw for the timeoutpurge patch, testing, and general
	  repartee on making this module more robust.