> Does SESSIONTIMEOUT have to be set in time or can it be set > to expire when the browser window is closed? The SESSIONTIMEOUT attribute has to be a time - the server doesn't know when the browser is closed! You can, however, destroy the link between the browser and the corresponding session variables by setting the CFID and CFTOKEN cookies to be discarded when the browser is closed. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ------------------------------------------------------------------------------ Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.