Hi, Thanks all for the useful link and suggestions :-)

I think Mr. Schwartz's method is pretty much helpful(basically I think it takes the same approach as shown in Gavin's above post). So every first-time visit to my website has to take a test to check if the browser responses with a proper cookie information. Sounds a perfect solution and I don't need to issue any redundent information on the URL after then.

the only downside I can feel is that for the first time visitors, this approach means an extra 302 redirection when they first see my webpage, and if the visitor is a robot which usually doesnt accept cookies, this approach might double(not double exactly since redirect happens at early stage) the net-flow from those robots:--((( but it should not be a big problem by caching from both client and server side.... not sure if there is any other side-effects though?

very nice learning... thanks :- )

Regards,

lihao(XC)