When you say "the client is still sending the username/password". I don't use cookies but, because I only use relative urls, Zope seems to maintain the same security "context" thoughout the "session" (a relative url would be href = "dir1\dir2"). I am looking for some way to refresh this security "context" to use the new password. It is really confusing for the login to pop up at this point- particularly because it looks like it is asking for permissions to change the password ( needs OLD password) Clark -----Original Message----- From: Behrens Matt - Grand Rapids [mailto:Matt.Behrens@Kohler.Com] Sent: Thursday, October 25, 2001 10:09 AM To: Clark OBrien Cc: 'zope-dev@zope.org' Subject: Re: [Zope-dev] login prompt after letting user change his password. Clark OBrien wrote:

Hi all I have written some code to alow a user to change his password (below)

The problem is that after executing this code the login dialog pops up.

The login requires the user to enter his NEW password.

There is absolutely nothing wrong with that. Basic authentication works by sending the username and password with each request. You've changed the password on the server, but the client is still sending the old password, which doesn't authenticate them any longer. The user'd have to do it sometime, why not right after their password is changed? BTW, the proper forum for this type of question is the main Zope mailing list, <zope@zope.org>. -- Matt Behrens <matt.behrens@kohler.com> System Analyst, Baker Furniture