A system determines whether to grant user access. Prior to granting access, the network server authenticates the user by sending an authentication request. An authentication server determines whether the user has been authenticated. If the user has been authenticated, the network server is notified and the network server grants access. If the user is not authenticated, then login information is retrieved and compared to maintained authentication information. If the retrieved login information matches, then the network server is notified. The retrieved login and authentication information is concealed from the network server. If the user is authenticated, a user profile is communicated to the network server with the notification. If the user is successfully authenticated, a cookie is provided to a user Internet browser. The cookie contains information regarding user authentication, the user's profile, and a list of network servers previously visited.