OK, time for another Zen fix :-) It looks like I've almost got PTK working with the latest LoginManager. The remaining problem is that the login form doesn't work. I've finally figured out why. PTKBase.MemberFolder.MemberFolderBase.validate is much hairier than LoginManager.LoginManager.validate. A rough sketch is like this: if req_has('__ac'): ... handle cookie login ... if req_has('__ac_name') and req_has('__ac_password'): ... handle explicit login ... if auth and lower(auth[:6]) != 'basic': ... do basic authentication ... ... climb up the acquisition hierarchy ... ... try anonymous ... I know that the official way to do most of this sort of thing with LoginManager is by defining new LoginMethods, but I just don't see how to make LoginManager even try the LoginMethods at the correct time without overriding validate. Am I on the right track here? Dan Pierson