Hi I have been pestering the good folks on #zope about this, as well as trying to ask in here a couple of times, but I'm not getting anywhere, and worse, I don't think people get what I am trying to do although it seems simple: Our site is served by Zope, as well as PHP and Perl - the entry point is in PHP - i.e. login screens, general stuff. By the time someone gets to the Zope pages, they should be already logged in. I've looked at both exUserFolder and SimpleUserFolder, but I still cannot see how to intercept the request before the UF presents the user with a login screen / HTTP basic auth dialog. The PHP part of the site will have set a cookie - in Zope I need to look for this cookie, and then use it as a key in our RDBMS to check whether or not to allow the user to proceed. If there's no cookie or the user is not authorized, I need to bounce them back to the PHP-based login system. TheJester suggested looking at remoteAuthMethod in exUF, but this method is called too late in the chain of events. Am I really not making sense? Anyone shed any light on this? TIA, Felix.