in reply to Apache module starting points
I'd also suggest the idea of starting at CPAN and looking
for existing modules to start with. You say that you need
to force users to re-authenticate after 15 minutes, so I'd
start by looking for an Apache module that will take care
of the authentication that you want to do, e.g.
Apache::AuthDBI or Apache::AuthCookie, etc. If you can get
an existing perl module to take care of this, it should be
fairly easy to hack in a timestamping like you want, and it
should be trivial to hack in the exemption of certain
directories. I've done some hacking on Apache::AuthDBI
myself to get it to work in a specific environment, and it
was much, much faster than anything I could have come up
with from scratch. Good luck!