With testing at another customer site, I found that sometimes Apache2::AuthNTLM does not provide the username information when a web page has already been authenticated. Perhaps it might do it with every page if I turn off the 'cache' parameter in the return headers. Anyway, the new autohandler will rely on the session uuid to keep authorization going on pages which AuthNTLM does not return a username.