I just noticed that $user->sid is not available for anonymous users. It get chopped once $user get overwritten in sess_read even if the full session row get loaded. (5.X and 6.X). include/session.inc $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = // $sid=$user->sid; //... // We didn't find the client's record (session has expired), or they are an anonymous user. else { $session = isset($user->session) ? $user->session : ''; $user = drupal_anonymous_user($session); // $user->sid=$sid; } since it makes more uniform to access sid through the code, is there a good reason to kill it? If there isn't any good reason to kill it... could this small change get into core? thx -- Ivan Sergio Borgonovo http://www.webthatworks.it