The client only sends basic auth credentials when requested. So if you have an authorization handler that might validate a cookie and return OK before basic auth credentials are requested of the client, then you will need to set $r->user from that handler for it to be accessible later on down the chain.
Regards, Tim Tompkins ---------------------------------------------- Programmer http://www.arttoday.com/ http://www.rebelartist.com/ ----------------------------------------------