Not a web scriptie, but I can understand that the content may be buffered when asking to verify the user. When verified, the same buffered content can be used by web server.