I have two different websites. For sake of conversation lets call one "abc.com" and the other "xyz.com", which are hosted by two separate hosting services. There are pages on xyz.com that are secured by basic authentication. I want users who log into abc.com to have access to these pages without having to enter a separate login credentials. I have created an Authencation Servlet, which checks if the user is logged into abc.com, and if that is true then redirects to http:/www.xyz.com/secure/page.html. I have created a single user name password which be used for this single sign on feature. I am trying to poke the base64 encoded username and password (username:password) into the HTTP Header, so that when the user request is redirected the user will not be prompted for the username and password, but currently I am unsuccessful. When ever the user hits the Authenication servlet they are redirected to xyz.com, but they are still prompted for the username and password. Any help in this would greatly appreciated. Chris [ February 08, 2003: Message edited by: Chris Gastin ]