Hi all, I have a site that achieves user authentication from a home page by directing them to a restricted method causing the browser to pop up its default authentication window, and redirecting them back to the home page after a successful login. From what I've read, the browser will use HTTP authentication in this case. After the login takes place, I expect to be able to access the user name from AUTHENTICATED_USER.getUserName(). I am able to access the correct user name in some methods, but in others, the above method produces 'Anonymous User'. I've read in other mailings that the HTTP authentication scheme will only send authentication information for URLs that lie below the URL which originally caused authentication to take place. I've ensured the methods in which I want to access AUTHENTICATED_USER.getUserName() do, infact, lie below the URL which originally caused authentication to take place. Does anybody have information as to why AUTHENTICATED_USER.getUserName() will produce different results depending on where methods are accessed in the hierarchy - even if you are below the URL that caused the original authentication? Also if somebody has ideas for a better login strategy, feel free to comment. Thanks for the help