I came to a web application development(modperl) in a middle way. The existing session management is basically save pairs of info(user:xxx...) into a /tmp file named clientip-random#-random#-timestamp, and use a similar format cookie to find corresponding session in /tmp to do authentication. meanwhile some new pair of info could be appended to session file to speed up same request or record the last request. I know this is *obviously* dumb and Apache::Session can handle all this. But sometimes you know, things are obvious but you just can't convience others easily... the existing method works and how can I make a strong argument that other ways are much better? Thanks, Jeff