What Craig is saying is that the users ID value is stored in a session variable by the authenticate user server behavior.
On the login success page, you create a recordset that filters the ID column on the session that is stored by the authenticate user server behavior to show the information that is unique to that user.