I am using the following code to force my users to re-authenticate before they can "sign-off" on something. <BR><BR>Response.Buffer = TRUE <BR><BR>Response.Status = ("401 Unauthorized") <BR><BR>Response.AddHeader "www-Authentication","NTLM" <BR><BR>I then check the old "AUTH_USER" server variable against the new one after the re-authentication to make sure the person is who I think they are. <BR><BR>My problem is for some reason this brings up the login dialog box 3 times. I have to enter my login and password 3 times in a row. It works but my users will kill me if they have to keep loging in over and over. Also, a bigger problem is that if I click cancel on the login dialog box I don&#039;t get any access denied message. It just takes me to my page and uses my old authentication information. <BR><BR>I&#039;ve been looking on-line for the last 2 weeks and can&#039;t find much on this. Any thoughts?