We have a web app written in PL/SQL (stored procedures in an Oracle database). We use Apache and mod_owa (a variant on the mod_plsql theme) as HTTP glue. Currently we're on Apache 2.2, but upgrading to 2.4 would be an option.
Our app handles security itself (our own tables of users and roles); like all web apps, logged-in users get a cookie. For the sake of this discussion, let's assume our app runs under www.my.com/app.
Now we want to be able to serve some ordinary files using Apache to authenticated users (registration of downloads basically). Again, for the sake of discussion, assume that files are served from www.my.com/file.
How can we integrate this with Apache's authentication? Functionally, a user logged in to our app should be able to download a file without logging in again elsewhere. Conversely, someone who isn't logged in trying to download the file should be prompted to log in.
What's the best way to achieve this? The easiest way?