I am working on a web-based help desk ticketing system (code is in VB.NET, but it's an ASP.NET 1.1 page), and I would like to use user names and passwords to not only control access to the application, but to also restrict some users from certain parts of the app. I understand the concept of a user inputting his/her credentials and looking them up in the database to see if the credentials are valid. However, I do not know how to keep this user information stored throughout the individuals web session. For example, when the person creates a new ticket, I would like the ticket information to prepopulate itself with the user's basic info (once again, I know how to query the DB for this, but not sure how to keep track of the user). Are there any good references or tutorials that I could read, or maybe suggestions you have, to accomplish this task? BTW, the DB is a SQL2000 server, if that helps, and I'm using Visual Studio .NET 2003 to write the app. Thanks in advance for your help.