no, I didnt save it as a cookie, and to ensure that I was not mistaken I got another admin here to login and repeat the bookmark problem, ensuring that they didnt select the <save passwd as cookie> button and I still get the same problem. Clearing the PC cache on IE and on Opera did not remove the ability to bypass through a bookmark, it does with Netscape however, which seems to imply a cached cookie. The same problem exists whether you use or bypass the proxy too. Login/passwd information is only collected at the Listserv login screen, as far as I understand cookies that means it cant be coming in from any other cookie from any other source. Does wa set a cookie even though you dont specifically select for it to do so? If it does, is this configurable, as in shorteing its lifespan or making logoff/idletime kill it? Can you set wa configuration to force validation at each separately requested action? Sorry, I just cant find anything on these in the manuals or the faqs. thanks lsvadmin On 16 Dec 99, at 16:21, Ben Parker wrote: > On Fri, 17 Dec 1999 09:23:06 +1100, lsvadmin <[log in to unmask]> wrote: > > >What I find now is that if I bookmark any page AFTER the login and > >password page, and then select that bookmark later (even after shutting > >the browser down), I can bypass the login. > > Did you save your login as a 'cookie'? I am guessing you did so. What you > describe would then be the expected behavior. >