Why a separate cookies for acct svc? Shouldn't it just use the same identity cookie used by the token service. If an appliation wants to link the acct mgmt page on their application, user has to relog in. Or am I missing something? -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com