You might use Apache::Session to remember details about a session. Apache has no way to tell if some HTTP request comes from the same person that authenticated previously or from a new person. You need session-ids (for example stored in a cookie on the client browser) to connect the independent requests of a session with each other