Was any sort of session hijacking prevention method installed on evolt this go-around? That could, potentially, cause problems with autovalidators examining urls with cfid and cftoken. Just a thought, though I'm not sure you even put one on. -joshua