Hi, It's been awhile since I looked at the Apache API, but if I needed to do what you are doing here's what I'd do. I'd set up a handler to be called before any other Auth handlers, that checks your database to see if the user still has rights to access. If everything is cool, simply return an OK to apache it will continue to process the request. If the users session has timed out, issue a redirect to the user(to your script) and return DECLINED to apache. That should stop the request processing phase of apache and your use should be quickly dispacted to refresh your database. $r->header_out->add('Location' => $uri); $r->status(REDIRECT); $r->send_http_header; Something like that should do the trick. It's not bulletproof because redirects arn't. If you want bulletproof look into internal redirection. Hel0