I dont know if this is always correct but in some crude forms of auth. a enviroment variable will store the username. In all my scripts I have used a cookie approach taking

the login script checks the ecryprted password to the encryted password in a database if its true it caches a cookie on the client while recording information (some long nearly random numbers in both the cookie and database making it hard to guess and hit two at once) on the cookie in the database

a seperate handeler controls how long the cookie information is stored in the database (i.e. how long the cookie is good for based on clock speed) if a cookie expires it attempts to trash the cookie on the client and cleans the database