Hi all, I'm struggling with several aspects user authentication, perhaps someone can help me out? I've tried to put the pieces together myself, but there are big gaps... Firstly, I need form-based login/logout - not a popup window. Am I correct that to do this I need cookie based authentication not basic authentication? If so, why is that? What's the mechanism here? I've been using exUserFolder, and it seems pretty cool - I'm authenticating against a MySQL table and I've been able to write my own authentication routines and plug them in without any problem. But I can't get it to do form-based logins. When you create an exUserFolder it asks if you want basic or cookie authentication, but this seems to make no difference to whether or not I get the basic authentication pop-up box. Does anyone have any ideas or input as to what I'm doing wrong? I've also played a bit with Core Session Tracking, and I'm wondering if and how to integrate that with this process. :-) In particular I want to automatically log people in under certain circumstances. Is CST overkill? Should I just set and look for a cookie in my exUserFolder-based auth routines? But then wouldn't CST be a good way of managing those cookies rather than doing it by hand? All advice appreciated, and if any amazingly kind person wants to discuss this on #zope, I'm there too. :-) Cheers, -Andy -- Andy Gimblett - Programmer - Frontier Internet Services Limited Tel: 029 20 820 044 Fax: 029 20 820 035 http://www.frontier.net.uk/ Statements made are at all times subject to Frontier's Terms and Conditions of Business, which are available upon request.