>My main web page validates a user username and password. I have about 10 different pages a user can go to and only 2 additional ones require the userid value. It is my understanding that the userid can only be passed between ASP pages via REQUEST.FORM("varname").
>
>The problem becomes what if the user checks out a report that does not require or pass the userid? Is this a scenario where I should be using a session variable or something else? A brief code example would be a wonderful thing now...
I do not believe of passing an authentication info from page to page. This is not secure at all. At least, using session variables, as you described, is already a step further in the right direction. But, you can proceed in that direction by using a cookie and further more, by using a basic authentication on the required pages.