That's probably what I'll do ultimately, I was just wondering if there was some pre-built mechanism in Mere Mortals that already does this. I guess it's another of those areas of the MM architecture that's not well documented yet.

Here's another question I have that you might be able to give me advice on (thanks for such a quick response, by the way). In my system the User Id is critical to certain operations - if I store it in Session and the session expires, how do I recover from that?

If I have my web app set up for Forms authentication, does .Net automatically navigate to my logon page when the Session has expired, or is the authentication timeout setting completely separate from the Session timeout settings?