I have a situation where I *want* to avoid rewriting for a client. What's happening is that a URL is being constructed to change from http:// to https://, and I *want* to force a new session for the secure port. However, once I'm at the secure site, I can't call session.invalidate() (I forget the exact method call) without screwing up the web client, too. I *know* this should be a separate web application, but at this point, that's not a concern for me (I wanted to do it right, business client insisted on deployment before it was cooked enough, oh well) - but I'd really like to not rely on the code manually forcing everything to be removed. ----------------------------------------------------------- Joseph B. Ottinger [EMAIL PROTECTED] http://cupid.suninternet.com/~joeo HOMES.COM Developer
