I have posted an update to the NTLM authentication document at: http://davenport.sourceforge.net/ntlm.html This covers some new stuff regarding responses with NTLM2 session security. Eric