Hello,

Recently, I had to replace ZPublisher's default authentication scheme, as part of a product I'm working on. I am aware of the existence of LoginManager, exUserFolder, etc., but in this case I needed to have a custom login screen at root level, i.e. completely get rid of the basic HTTP authentication and browser popup window.

So I replaced some of the HTTPRequest and HTTPResponse methods in order to present the user an HTML form whenever an 'Unauthorized' exception is raised.

While I'm sure such an issue has arisen hundreds of times, somehow I was unable to find a product or a How-To that specifically addresses it, which means either I don't know how to browse the Web, or nobody has bothered to document their knowledge in the area.

So I went ahead and created a simple Zope product that, upon installing, makes the necessary changes in HTTPRequest and HTTPResponse (HotFix style), so that cookie-based, HTML form login replaces the default one. For the curious, the product can be found at

http://www.prism.gatech.edu/~gte085h/zope/CustomLogin/

In regards to this product, I've been pondering some questions that I'd like to be answered by knowledgeable people, if possible:

1. Is there a product that makes the changes I described, and where can I find it?

2. Does anyone think it's a good idea to provide some kind of a standardized API for replacing ZPublisher's authentication?

3. If a user attempts to access a resource, and is denied access, my modified HTTPResponse simply redirects to the login form, without bothering to record the URL the user originally tried to access (which can be a bad or a good thing, I suppose). Is there any way for an HTTPResponse instance to find out the URL of its HTTPRequest?

4. Not entirely related to this topic, but I noticed that the ChannelPipe class, used for communication between ZServer and ZPublisher, serves only one object instance at a time. What would be some practical difficulties in changing this class to serve multiple HTTPResponse instances?

Finally, after noticing the ongoing discussion about the error HTML contents produced by ZPublisher upon an exception, I'd like to point out that it's extremely trivial to replace HTTPResponse._error_html and provide either custom behavior (e.g. sending email to the administrator), or custom HTML code, whether loaded from a file or hardcoded.

Is anyone interested in me writing a How-To on this topic? The product I described above, already does that, so it would be rather easy for me to put together some documentation, provided that nobody has bothered to write any.

Let me know...

Sincerely,
Ivan Raikov
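Question 3 in the message above concerns recording the URL the user originally tried to access. The following is an added example, not part of the original post or of the CustomLogin product: one way to carry that URL through the redirect to the login form, and to follow it after login only when it is a same-site path. The `/login_form` path, the `came_from` parameter name and both function names are assumptions, and no Zope API is used.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

LOGIN_FORM = "/login_form"   # assumed path of the custom login screen
PARAM = "came_from"          # assumed name of the return-URL parameter


def login_redirect(request_url):
    """Location value for an Unauthorized response: the login form plus
    the path and query string the user originally asked for."""
    parts = urlsplit(request_url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    # Only path and query are recorded; scheme and host are dropped here.
    return LOGIN_FORM + "?" + urlencode({PARAM: target})


def safe_return_url(login_url, default="/"):
    """After a successful login, choose where to send the browser.
    Only a same-site absolute path is accepted; anything else yields default."""
    values = parse_qs(urlsplit(login_url).query).get(PARAM, [])
    if len(values) != 1:          # missing or repeated parameter
        return default
    target = values[0]
    # Control characters and backslashes may be normalised by browsers.
    if any(ord(c) < 0x20 or c == "\\" for c in target):
        return default
    parts = urlsplit(target)
    # A scheme or a host means the value points off-site ("//host" included).
    if parts.scheme or parts.netloc:
        return default
    if not target.startswith("/") or target.startswith("//"):
        return default
    # Do not bounce straight back to the login form.
    if parts.path == LOGIN_FORM:
        return default
    return target
```

The value is supplied by the client on the way back, so it is checked again after login even though `login_redirect` only ever writes a local path.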
Ivan Raikov wrote:
Recently, I had to replace ZPublisher's default authentication scheme, as part of a product I'm working on. I am aware of the existence of LoginManager, exUserFolder, etc., but in this case I needed to have a custom login screen at root level, i.e. completely get rid of the basic HTTP authentication and browser popup window.
So I replaced some of the HTTPRequest and HTTPResponse methods in order to present the user an HTML form whenever an 'Unauthorized' exception is raised.
While I'm sure such an issue has arisen hundreds of times, somehow I was unable to find a product or a How-To that specifically addresses it, which means either I don't know how to browse the Web, or nobody has bothered to document their knowledge in the area.
Try either CookieCrumbler or CMF (which includes the cookie crumbler). You probably weren't able to find it simply because of the large number of products out there with overlapping capabilities and varying degrees of completeness.

http://www.zope.org/Members/hathawsh/CookieCrumbler

Shane
participants (2): Ivan Raikov, Shane Hathaway