The remoteuser that you try to read only is available when you use application based authentication - that is, if your webserver prompts the user with the "basic authentication" screen (some popup that asks you to enter username/password).
If you write cookies for authenticating the user,
you should maybe try to read in the cookie that may be on the users' system .
Also, the reason for why the authenticate mehtod is not called again is due to the isSessionValid method. If this method returns that the user has not changed ever since the call to the authenticate method, the authenticate method will not be invoked again.
Please check monroe's bookmarks or search the forum for cookiesso. There is some neat implementations by monroe there... which also allow to add the user to specific groups etc :-)
[originally posted on jforum.net by Sid]