Use a public key cookie to verify profile...  

 When user logs in his clearance with the login program gives him a public key..  The server holds in mem the private key..... 
 On each page request, the key is checked before issueing the query results... 
 On logout the private key is destroyed