Being retro can be painful. Instead of using a login page, I wanted to use HTTP Authorization with my web.py based Franklin-like planner. Turns out you need to tell fastcgi to pass the relevant environment variable to the underlying process, and you also need to tell apache to pass the authorization in via a modrewrite hack.

Granted this will be replaced by an https-based login at some point. Still, the idea of passing apache2 HTTP internals to scripts via environment variables seems a noteworthy (and probably completely misguided since I'm not super familiar with apache internals) hack.

/etc/apache2/mods-enabled/fastcgi.conf

<IfModule mod_fastcgi.c> # ... FastCgiConfig -pass-header HTTP_AUTHORIZATION </IfModule>

.htaccess

RewriteEngine on RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:AUTHORIZATION},L]

I would think that mod_wsgi [http://code.google.com/p/modwsgi/] would be a better option these days. Also, if you want to stick with FastCGI I'd suggest mod_fcgid rather than mod_fastcgi. -- David W