Hello everyone, During the last meeting, I briefly mentioned a paper I was working on in relation to digest authentication. I finally got it posted here: http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf I would love to hear any feedback. thanks, tim