I have lots of intranet sites on the server. But to access those sites the user have to login at least once. And in every page I check for the session as below:<BR><BR><%<BR>' If the session has expired then force the user to re-login<BR>Call checkSession<BR><BR>Function checkSession()<BR> If NOT Session("loggedIn") = "1" Then<BR> Response.Redirect("login.asp")<BR> End If<BR>End Function<BR><BR>%><BR><BR>And on the login screen I abandon the session as :<BR><BR><%<BR> Session.Abandon()<BR>%><BR><BR>And also I have a logout button where I abandon the session and show the login screen again. But on some systems if the user tries to go to a certain page directly then the program forces him to login. But on some systems it lets the user go in to a page directly without logging in. what could be the problem. <BR><BR>After the login screen if he/she is a valid user I take to a page called main.asp. There I'm again checking for the session variable "logged in".<BR><BR>thanks.