Hi, I'm hoping someone understands sessions better than I do and can help me out. I'm noticing different behavior across browsers and I'm having trouble groking it. I'm serving a page with a form, and that form has an autocomplete field. So my drupal gets an initial request for the page, then subsequent requests for the autocomplete callback. I'm testing with Firefox and IE right now, and here's what I observe.... 1) Across all browsers and requests, the session_name() is the same. I believe this is because drupal computes a session name in conf_init(). The name depends on the URL only and not the browser. Am I correct so far? 2) From Firefox, the initial page request and subsequent autocomplete callbacks have the same session_name AND session_id. In other words the session cookie's name and value remain the same. The effect of this is that $_SESSION is shared between the normal page request and the ajax requests. 3) From IE7, the session_name remains the same across all requests, but the session_id() of the initial page request is different from the ajax callbacks. In other words the session cookie's value changes. So $_SESSION is not shared. Is this what I should be seeing? 4) Also from IE7, the session_id is new for ajax callbacks, yet drupal somehow knows which user is logged in. That is $_SESSION is not shared with the original page request, but the global $user is set correctly. How is this happening? Doesn't Drupal rely on the session_id to determine the user? Since session_id has changed shouldn't drupal think the ajax request is anonymous? Is what I'm seeing the way things are supposed to be, or have I somehow screwed up my install? Thanks, -Dave