> We currently think we need the setting on the cookie to make this work. The SP looks up the session based on the NameID alone. The cookie is cross checked if it's there but not if it isn't. -- Scott