Hi List, I'm using ExUserFolder, with zope as the authentication source, and MySQL as the properties source. I have a custom login form, which calls a script called process_login, an exerpt of which follows: from AccessControl import getSecurityManager request = container.REQUEST result = container.acl_users.validate(request=request) name = getSecurityManager().getUser().getUserName() This seems to work fine, except in rare circumstances. I'm unsure exactly of the details of those circumstances, but what happens is that sometimes when a user logs in, they are redirected to the standard ExUserFolder login form, with a message similar to "session expired, please log in". This also generates an event in the error log, typed "LoginRequired". My suspicion is that this happens to users who have logged in before, and what is happening is that it checks their cookie, finds it expired, and rather than processing the login as new, invalidates the entire request, and redirects them to the standard login form. Any clues? Thanks, Alec Munro