I am making a small application for sales and marketing reports in-house. Each user has a unique login/username in zope (via NtUserFolder) and they also have a unique employee_id in exisitng SQL database tables. Each page calls numerous SQL methods almost all of which need to know the employee_id number. I can make a small method getEmpID(request.AUTHENTICATED_USER) and map the logins to the employee_ids, but then I am calling that at least once every page. I could call getEmpID(request.AUTHENTICATED_USER) once when the user logs in and then set it in a cookie or a session variable but I am unsure of the possible security issues in doing that. Or I could start using the zope/NT login as the key in various sales and marketing tables. Just thought I'd *throw it out there* for any input, thanks.