I have the following problem when cookie (on my computer and per-session) is disabled. I'm using IE 5.5 and Tomcat 3.2.3. I set up a restricted area for URL pattern /user. Before I login, I go to http://localhost:8080/abc/user/index.jsp. Tomcat automatically forwards to the form login page http://localhost:8080/abc/login.jsp. In theory, after I login successfully, Tomcat will forward me to the original location, i.e. http://localhost:8080/abc/user/index.jsp. However, it doesn't happen that way in reality. Tomcat doesn't forward at all. The problem is that Tomcat doesn't URL rewrite the form login page, so the tomcat.auth.originalLocation is lost (null) when I reach the form login page - http://localhost:8080/abc/login.jsp. Am I correct on the explanation of the problem? If so, any resolution? If I'm wrong in anyway, please let me know. Thanks. Willie _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com