<snip author="Mike"> What is the best combination of cookies, sessions or anything else for browsers with high privacy settings, when trying to maintain state? </snip> The solution should not be placed in the clients hands. It needs to be controlled via the server. The client is unpredictable whereas the server is. For this reason, we use session variables and make sure that session.timeout = -5000 (never expires). When logging out, there is a hidden page with two elements: session.abandon and response.redirect("Home.asp") To help with this, as anthony has described we kept passing the ID around through the links. If for some odd reason we needed that session variable to remain active indefinitely on a page, we'd store it into a local variable. R.S.