Hi everybody. I've asked some questions in the past about login methods and the answers I got were pretty confusing / over my head. So I've taken some time here to research this and want to see if I've got this down and then I have a couple more specific questions. Okay, so we have the following: 1. Basic HTTP authentication 2. Cookie authentication 3. URL rewriting with something like Cookieless Session. I imagine you could use a session variable like UserID taken from a user database? I don't know if this is a typical authentication method and I've just started looking into this. So I'm still learning about this, but my understanding is as follows. 1. Basic HTTP authentication is out if you want a customized login page. 2. I get mixed reactions to cookies - some people turn off cookies, etc. So maybe this isn't a great authentication method. Which would bring me to option 3. At this point, I don't have a specific problem/solution in mind, I'm just trying to learn about this so I have the appropriate tools in hand when I need them. So, finally, my questions: 1. Is there a way to do authentication without the use of cookies and without url rewriting? 2. How does Zope.org authenticate it's users? I've noticed that I can log in as more than one user at the same time from a single computer. I don't see a URL rewrite and I didn't think cookie authentication allowed you to do that. I'm not sure if that is clear, so here's an example of what I mean: I created a practice site using mysqlUserFolder and cookie authentication. If I login to that site and then open up a new browser window and go to that same site, it shows me as being logged in already. Zope.org doesn't do this. Thanks again everybody. -Jeremiah