CONTENTdm® uses HTTP for authentication (Basic or Digest). This is handled by a bundled CGI executable. When authentication is successful, the CGI executable will set a session cookie which is used for further authorization in the PHP environment. The access control list (often an .htaccess file) is managed by the web server.