Hi all, I'm using Zope 2.5.1 under Win2k, and authenticating users via the LDAPUserFolder (1.5beta1) with cookie based authentication. I've got a logout link that looks like this: <a href="/mysite/acl_users/logout">Log Out</a> Where the acl_users object is my LDAPUserFolder, and the logout object is a custom form I've placed in it that looks like this: <dtml-call expr="RESPONSE.expireCookie('__ac',path='/')"> <dtml-call expr="SESSION.invalidate()"> <dtml-call expr="RESPONSE.redirect('/mysite/index_html')"> The redirect works, but what I expect to happen is that the user should be presented with the login form, instead they are presented with index_html and are most definitely not logged out (user Anonymous does not have 'view' permissions while Authenticated does). In fact, I can't seem to kill the session without closing down the browser entirely. Could anyone give me any pointers to using cookie based authentication, or let me know what I'm doing wrong in this case? Thanks! David A. Riggs Science Applications International Corporation - SAIC (304)284-9000x201 driggs@asset.com