I am currently using a dialog box to retrieve username/password.<BR><BR>auth=TRIM(Request.servervariables ("http_authorization"))<BR>if auth="" then<BR>response.status="401 not authorized"<BR>response.addheader "www-authenticate", "Basic realm=""XYZ"""<BR>response.end<BR>end if <BR>...etc<BR>My script has no problem validating the user/password through a database. I want to make the user session timeout when idle for a certain period of time. And the user has to click on the login dialog box to relogin again. The problem is, when the session variable timeouts, the authorization browser header still contains the username and password which renders the password dialog box would not appear again.<BR>My question is, is there a way to clear the content in Authorization header so that the authentication dialog box would appear again when the login script is loaded?<BR>