Hi guys, Does anyone know how I can implement the above mentioned? Once they exit the protected realm (i.e. the protected folder in my htdocs), when they re-enter the site again they will be asked for a password. I have a simple basic authentication system but it doesn't track the user when it leaves the protected realm. What I wanted to do was to get the server to re-authenticate the user everytime he leaves my realm and tries to re-enter again. Some people suggested CGI, some suggest PHP.. I would like to know if JSP can do the job. If yes, what level of competence do I know JSP ?