Dear List, We have implemented the Realm with Oracle. It works fine. (see below from TC sample server.xml) <!-- <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="oracle.jdbc.driver.OracleDriver" connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL" connectionName="scott" connectionPassword="tiger" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" /> --> However, we are wondering about upgrading our system so we dont use cookies. We believe (after earlier questions on the list! thanks! ) that this should be easy to achieve. However, we use the integrated Tomcat security Realm model, and this automatically saves a JSESSIONID sesion id as a cookie to the client browser. Is there a way around this? i.e. that this information is sent over HTTP? Would appreicate any info regards Ben --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]