note sutch Another option is to not deal with the htpasswd file and store and test user credentials within your program. For example: <code> use CGI; my $request = CGI->new; if( $ENV{'REMOTE_USER'} eq "sutch" && $ENV{'REMOTE_PASSWD' } eq "myb4d" ) { # user is authenticated print $request->header; # return restricted web page here } else { print $request->header( '-status' => '401 Authentication required', '-auth-type' => 'Basic', '-WWW-Authenticate' => 'Basic realm="My Restricted Area"' ); # return failed authentication message here } </code> This will provide the user with the familiar username/password dialog box that is displayed when using htaccess. Instead of Apache handling the authentication though, the script tests the REMOTE_USER and REMOTE_PASSWD environment variables to authenticate the user.<p> A benefit of handling the authentication yourself is that you can also expire authenticated sessions and allow users to logout. This can be done by returning a 401 status with different realm text. 246048 246048