What exactly are you trying to accomplish?

If you're using true authentication then you don't need to pass anything forward as the Web Server and browser maintain user context and login information. This applies to Basic Authentication (part of HTTP) which is hte typical way application initiated security is implemented.

If you don't want to do this then use Cookies or Sessions to do this. If you use ASP, then just write some sort of code that confirms login was successfule (like a variable LoggedIn=True) into the Session and then read and check on each hit to verify. If user is not logged in redirect to a login page.

+++ Rick ---

>Michel, thanks for the reply. In the past I worked a UNIX programmer and he was able to store the userid in a variable like ##UID via CGI scripts. Is there something similar for IIS and something that you have an actual code example? I am certainly no web expert so any help will be greatly appreciated. I am completely unfamiliar with basic authentication if that gives you an idea of my expertise on the web...
>
>
>
>>>My main web page validates a user username and password. I have about 10 different pages a user can go to and only 2 additional ones require the userid value. It is my understanding that the userid can only be passed between ASP pages via REQUEST.FORM("varname").
>>>
>>>The problem becomes what if the user checks out a report that does not require or pass the userid? Is this a scenario where I should be using a session variable or something else? A brief code example would be a wonderful thing now...
>>
>>I do not believe of passing an authentication info from page to page. This is not secure at all. At least, using session variables, as you described, is already a step further in the right direction. But, you can proceed in that direction by using a cookie and further more, by using a basic authentication on the required pages.