How about a hook to allow CGI objects to insist on authenticated users 
only? I think "authcgi" would be a good name. --Ethan

> This is now [[done]], although I called it sessioncgi since the user may
> or may not be authed. --[[Joey]]