Michel, thanks for the reply. In the past I worked a UNIX programmer and he was able to store the userid in a variable like ##UID via CGI scripts. Is there something similar for IIS and something that you have an actual code example? I am certainly no web expert so any help will be greatly appreciated. I am completely unfamiliar with basic authentication if that gives you an idea of my expertise on the web...



>>My main web page validates a user username and password. I have about 10 different pages a user can go to and only 2 additional ones require the userid value. It is my understanding that the userid can only be passed between ASP pages via REQUEST.FORM("varname").
>>
>>The problem becomes what if the user checks out a report that does not require or pass the userid? Is this a scenario where I should be using a session variable or something else? A brief code example would be a wonderful thing now...
>
>I do not believe of passing an authentication info from page to page. This is not secure at all. At least, using session variables, as you described, is already a step further in the right direction. But, you can proceed in that direction by using a cookie and further more, by using a basic authentication on the required pages.