Looking at CGI.pm documentation, i found the -nosticky pragma, and tried that, but it didn't solve the problem. oddly enough, in the actual loops of the script, $action gets defined as 'logout' before it ever sees $action='login', but, of course, in order to be logged in, you have to have set that action in a previous call to the script. Unfortunately, just adding the -nosticky pragma didn't solve the problem.

adding the -override element to the hidden field worked great!!

so, i'm still perplexed as to the behaviour, since i've used loops like this in the past with no problems, but since it's working at the moment, i won't complain!!

again, thanks for leading me out of the woods. jck