Hmmm.. can you take a step back and restate the problem more generally? What is the goal? We use servlets for java to java com between applets and the server. Inside, the servlets communicates to C++ based servers for objects and events. Servlet sessions are used to help ensure validation for the object and event servers. User database is also stored in the object repository. Getting the session id for the servlet back into Zope (I was going to store it in a SQLSession object.) was the reason for preserving the ;<sessionid> from a response redirect generated by servlet. All pages with applets would be written with the servlet session ID as a parameter. We were going to use https for anything with session ids in them so they can not be sniffed for. I had not decided if the user database exchange would be done by using the client as a relay with user info emedded in user,md5-password-signature components in the session id response redirect or some Zope to JServ direct handshaking using ZPatterns-based Membership. Yet another alternative would be the swig Python interface directly to the object server and Zpatterns. Hope this helps clarifys things.. Albert Boulanger aboulanger@vaptch.com -