Thanks for the tip about the common solution varian. I'll keep reading. I still don't see the connection between using Apache and using cookies. I thought cookies were only for setting simple values that I'd be explicitly looking at later in my cgi scripts... but it sounds like there's a connection with the Apache/HTTP auth stuff that I'm unaware of so far.