Configure your browser to prompt you for cookies. That will make sure you are doing the session bit the way you think you are. Then add some error_log statements when you set or read the secret word. You'll soon figure out exactly how/why your session has the OLD secret word in it. -- Some people ask for gifts here. I just want you to buy an Indie CD for yourself: http://cdbaby.com/search/from/lynch -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php