>Getting site B to create cookies that can be read by >site A (an additional feature for browsers to support - and, again, >why?) but not by any other sites, would be much trickier. And, in case you're still determined to enable it anyway: http://shiflett.org/articles/session-fixation That's the security reason why not to ;) -Shade