How about a hook to allow CGI objects to insist on authenticated users only? I think "authcgi" would be a good name. --Ethan > This is now [[done]], although I called it sessioncgi since the user may > or may not be authed. --[[Joey]]