This action is used to authenticate user by comparing several cookie values
(username, password) with the values in database. The description of the
process is given via external xml description file simiar to the one used
for all actions derived from AbstractDatabaseAction.
The values specified via "cookie-name" describe the name of the
cookie, "dbcol" indicates matching database column, "nullable" means that
cookie-name which is null or empty will not be included in the WHERE clause.
This way you can enable accounts with empty passwords, etc. "to-session"
attribute indicates under which name the value obtained from database should
be stored in the session. Of course new session is created when
authorization is successfull. The "type" attribute can be either string,
long or double and alters the type of object stored in session. Additionally
all parameters that are propagated to the session are made available to the
sitemap via {name} expression. If there is no need to touch the session
object, providing just one-time verification, you can specify action
parameter "create-session" to "no" or "false". No values are then propagated
to the sesion and session object is not verified. If you want to append
attributes to the session without creating a new one, specify action
parameter "append-session" to "yes" or "true".