Passing information beyond username and password to JAAS
posted 6 years ago
I have overridden the default security provider and written a custom LoginModule to authenticate to Tomcat 6.0.18. When a user successfully logs in, I write information to the database to track that the user logs in. I also add a cookie that maps the login to the information in the database. I do this to allow other web sites under the same domain (Apache/PHP) to see that the user is already logged in and allow them to access the protected components of those sites. This works the same way in the other direction. A user can log in to one of the other sites and the cookie is added. I would like to pass the cookie information to the LoginModule to verify that the user is logged in and authenticate to Tomcat. I was thinking of changing the user name to be some string and then the key value in the cookie in order that I may access the value via j_username, but I think that is a hack and would like to be able to pass dynamic information to the LoginModule. I know that you can pass information through the JAAS config file, but that is only for static data.