When a user tries to login to exUserFolder, the 'docLogin.dtml' method is displayed. I need to redirect the user to 'https:' + URL[5:] if they try to access the login form via unencrypted http. However, I can't seem to do this. I've tried putting the redirect in docLogin, that doesn't work (unless the user navigates directly to docLogin, which they almost certainly never will). I've tried putting the redirect right before every "raise 'LoginRequired', self.docLogin(...)" call in the exUserFolder.py. Neither of these work. I confess I don't have the best understand of how the redirection to login screens works. I can say that it seems that the HTTP 'location' header is getting set, but the response code is always 500, which means that the browser ignores the 'location'. I am passing a true value for 'lock' in my redirect calls, i.e. REQUEST.RESPONSE.redirect('http:' + URL[5:], 1) But none of this works. Any clues? Thanks, Mark