Our Windows product uses SQL Server logon IDs for security. The ASP/browser version would need lots of programming to replace this just so we could use Connection pooling, since then every SQL Server access must use the same ID. If we only expect 50-100 concurrent users why can't we just keep a Session for each with it's own Connection? I know it's "not recommended" but is there any hard data or test results showing response time lags for so few users? Thanks!