Distinguishing between requests from authenticated and non-authenticated users is possible by relying upon the standard feature of browsers that they include the Authentication HTTP header even for unprotected portions of the site.
Portions of the site that really require authentication will work correctly, because the Authentication header is included. Portions of the site that do not need authentication, can use the name of the authenticated user mentioned in the HTTP authentication header to do personalization.
This page shows how to achieve these effects with all the common browsers and almost pure Apache 2.2