when i store value at session("some_var1") later,not at global.asa,it works. <BR> Is this secure ? I&#039m not using sessionID cookies to manage security per user. <BR>situation: <BR>-&#062;user1 creates this session("var1") <BR>-&#062;the new user connect tosame site and he receive page with session("var1") - is this value empty ? i hope yes ... <BR>-&#062; do i need to use sessionID cookie ? <BR>-&#062; can you please look at the "17-th cookie start a problem" topic added today by me ? <BR>-&#062;thanx a lot of