>
>I am still confused as to why the autodetect works and would prefer not to have it running with the session stuff displayed in the address bar.
Sorry, I haven't really followed much in this thread. I don't know if this is the issue or not, but have the user check their date/time (AM/PM) and timezone (and do the same on the server). If either is wrong you can run into the situation where the cookie is issued to the browser but then, because of the incorrect time, the browser expires it immediately. The symptoms are that the user appears to be able to log in, but they are immediately redirected back to the login page.