>2. I have a custom security class that manage the security of my application. It would like user to login when start my application and logout user if my application terminated. I NEWOBJECT security class and store the reference in mymainform.osecurity property. It create couples of session object when doing validation. I am sure that I DESTROY it once I finish the validation process. (Actually my application not released totally after I have this class.) I set mymainform.osecurity = .NULL. when DESTROY.

John,

And how does oSecurity deal with the session objects it created?