Session Timeout can be set at 3 levels. At the application code level, at the application folder level on IIS and on the web server level on IIS. They are supposed to override each other in the same sequence. But the timeout i specify in my global.asa file refuses to override what is set at the application folder level? any ideas...maybe this has something to do with NTFS permissions?