Hi All, I have written a user front-end in Perl that has an authentication script (in Perl) to allow a user to log in (password stored in back-end DB). Once that is successful, a pair of cookies are set: setCookie("first", "$digest",,,); set Cookie("second", "$session_key",,,); plus the session key/ID is stored in the user's record in the DB. However, I also have static Web pages and directories for each user stored in "/data/username"; I have a symlink under "htdocs" that points to the real data location (i.e. "/data"). I notice that I can easily hand-modify a URL to point to another user's directory and gain access, which is of course undesirable Is there a way to have Apache automatically allow/deny access to contents in a user's private data directory, based on the authentication/cookies that have already been set via authentication? NOTE: Apache V2.0 Authentication Module Auth MemCookie (http://authmemcookie.sourceforge.net/) *might* provide a solution to restricting directory access, but the few examples mention using PHP to handle the access control to an explicit URL. What I need is a transparent way (and maybe a short but explicit example) for Apache to transparently allow/deny access to any URL that is inside a user's data directory. Many thanks in advance! Keith