I'm sorry, I should have been more clear. Its a servlet that extends javax.servlet.http.HttpServlet When a user registers with our site we send a confirmation email to them with a return url containing some encrypted information. When they click on that link my "custom servlet" gets called. We decrypt the id parameter to decipher the UserID and Password and then notify them that they are cleared to use the site. So inside my HttpServlet servlet, I'd like to access the database and make sure I'm doing it in a valid or legal way. So I guess your saying in this case it would be OK to access the SessionFactory the way I described? Thanks again. PVM View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3995408#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...