I have set up aMember for my client using PHP pages but without a database back-end. I'm using PHP include files to simplify the process of adding new pages. I have a contents list in one PHP include file. The individual topic files are all PHP includes that are pulled into one of two master PHP pages which function as the Member home page. The included pages are stored in the protected folder. The contents list is stored in the protected folder. The Master PHP pages are stored in the protected folder. (So far we only have 2 protected folders.) Originally I had a menu bar on all pages (protected and not) that included a link to that Member home page in the protected area. After logging in the first time, I encounter the htpassword pop-up instead of being immediately directed to the Member home page. After that, when I logged out, if I clicked on the link to the Member home page, it would display the protected page! I would think that having logged out, that protected page would not display and I would be directed to the login page. Have I missed an installation or protection step? I am using the "session_start()" variable at the top of the two master PHP pages; does every PHP-included file need to have that function call in it? Why do I see the htpasswd page right after login but not again? Your assistance would be most appreciated. I think I have a workaround for the menu bar problem, but I'd appreciate some clarification. I want my client to be confident that her paid content will be adequately protected! Thanks, Toolie on behalf of Francine, the customer