package MyAccessHandler;

use strict;
use warnings;

use Apache::Request;
use Apache::Cookie;
use Apache;

sub handler {

  my $r = shift;

  my $url = $r->hostname . $r->uri();
  my $file_path =  $r->parsed_uri()->unparse();

  # do not protect login page.
  return Apache::OK if $file_path=~ /login\.html$/;

  my $can_access = 0;

  ## If the user has a cookie, see if user has access.
  my $cookie = eval{
     ({Apache::Cookie->new($r)->parse()}->{cookie}->value) 
  };

  if ($cookie) {
     $can_access = MyValidationRoutine($cookie);
  }

  # return OK if they're allowed     
  return Apache::OK if ($can_access);

  # otherwise, redirect
  $r->internal_redirect('/login.html');
  return Apache::Constants::DONE();

}