thanks for all your suggestions. the only thing that works to get the session from the servlet to the jsp is to use the requestDispatcher, which means that my url hasn't really changed and so my page formatting (using css) breaks.. my session difficulties have forced me to the conclusion that i must be employing a poor design pattern, or at least one that the keepers of the specification do not encourage. i would call what i have somewhere between model 1 and 1.5, but i am moving towards model 2. so i need a little advice.. here is what i currently am following: index.html (javascript detect and forward) -> html login page (form post) -> authentication servlet (doPost) -> home.jsp -> rest of app if anyone would like to see an alpha version of the app, running on iis/jrun, here is a url. http://216.181.199.34/nexus/ (user: kael password: kael) you will notice in the lower left bar, under the nav, that the user name and logintime are displayed. i'm using the session for that, and when i run this app on orion it breaks. i get null values there. how should i be doing this differently? regards, bradley mclain __________________________________________________ Do You Yahoo!? Send online invitations with Yahoo! Invites. http://invites.yahoo.com