I overhauled it a bit but its still not up to scratch or as detailed as I think it should be Ingo, I know you are moving but is there anyway you could take a look, compare it to the OWASP Common library session handling code and see whats missing? I will fill in the blanks. -- Mark Curphey <mark at curphey.com>