thanks!   jack

looks i checked the ''remember login'' which persisted the auth info on the cookie, but that is supposed to remember login ID only right?   in a production box, should we remove the default.aspx, and test.* which looks like some testing code right?   thanks!   Jack    

Hi,   I download the trial version and install on the server, there is a security concern:   I logged in with the testing Admin user on the page supportadmin, and then I opened a new IE and type the admin page URL and then I was able to see all of the admin content on the new browser. is there no authentication check ...