I doubt anyone will respond but I figure I have to try...<BR><BR>I have a security COM object that is populated when a user logins into our site (session object). On the site there are links that spawn other windows. Hitting the &#039;submit&#039; button on the child window closes it and refreshes the parent window. From there the user might go to a different part of the site.<BR><BR>Normally users will login manually (typing in their username and password.) This populates the security session object and everyone is happy.<BR><BR>Here is the confusing part:<BR>Some users have created text htm files on their desktop that have a link to the login page and provide their username and password in the query string. (Due to business rules I accept form and querystring submits.) Selecting the link, logs them in fine. Once in the site (securiy object populated) if they spawn a new window and then close it, their session variables are killed and they get kicked out. <BR><BR>This does not happen if they type in their username, only if they entered via the link (which logs them in correctly until they spawn a new window.)<BR><BR>This doesn&#039;t happen in Netscape or IE5.0 of IE5.5 ONLY IE6.0<BR>ANY IDEA WHAT IS GOING ON????