I think you have two choices:
Servers and browsers can cooperate on authentication using RFC2616
14.8. In this style, your server returns a 401 challenge to the browser
and in response the browser (typically) tosses up a dialog box: username
and password. From then on, all requests between your domain and that
browser have these authorization headers, which you server app can read and
use.
If you don't want a dialog box popped up, and do want to get the
information off any form embedded into a page, then you use a form/cookie
mechanism. Include the form, get the username and password back, and then
issue some sort of user_id/login cookie that other pages can read. From
then on, all requests between your domain and that browser will contain the
user_id cookie, which your server app can read and use.
Jerry
=====================================================
Jerry Asher [EMAIL PROTECTED]
1678 Shattuck Avenue Suite 161 Tel: (510) 549-2980
Berkeley, CA 94709 Fax: (877) 311-8688