Hi all.

I have this problem with our Zope-based CMS system. No matter what I try, I cannot make the docLogin page appear when it should. If I go directly to it, it works fine, but otherwise the HTTP auth popup appears.

I have started looking into exUserFolder, and putting in zLOG.LOG statements to try to figure out what is going on. The best description of what is _supposed_ to be going on that I have found is this:

http://www.zope.org/Members/vladap/mysqlUserFolder/release-1.0.5/README
Section -> "Zope authentication process"

When I log just above "if user != None:" in validate at approx. line 1040 in exUserFolder.py I get:

    auth: None roles: None parent index.html user: Anonymous User

I get this whether index html allows anonymous or not. Is this proper behavior? Where does roles come from? Should not that reflect the roles needed for access?

If access is allowed, all the other requests for images and so on have:

    auth: None roles: ('Manager', 'Anonymous') parent <bound method Image.id of <Image instance at 42aeb650>> user: Anonymous User

I think our CMS has modified the permission system somewhat to allow access to some specific folders above acl_users, but I have not found those changes yet (and the lead developer is very busy on something else, and doesn't remember). I don't know if this is relevant or not, either.

Anyway, it seems a crucial point must be towards the end of cookie_validate after "if not self.sessionTracking" at approx. line 930. If I override here and set roles = ('Manager'), I get to "raise 'LoginRequired'", and it seems like I should end up at acl_users/docLogin via docLoginRedirect.dtml, except that I go into a redirect loop because of the same override.

Normally "if nobody.allowed(parent, roles):" is true, and "ob" is returned, which is 'Anonymous User', even if the file I am accessing is protected. Should not this be None in the last case? And if it returns anonymous, then who decides to ask the next acl_user up the chain (who only knows HTTP auth)?

How about some way to trace down where roles come from?

Am I on the right track here? I had a peek in ZPublisher/BaseRequest.py, but that only made me more confused.

All confused, and ready to give up now. Any and all explanations, tips, or good ideas appreciated.

Regards
Gaute Amundsen

--
Gaute Amundsen
gaute@div.org
http://www.div.org

"Technology today is the campfire around which we tell our stories. There's this attraction to light and to this kind of power, which is both warm and destructive."
Laurie Anderson