Hi list, my questions are about logged in users. Let's say I log in to my Zope-builded site as user 'foo' and do something (e.g. navigate around). Now if I ask for a resource (say the bar.html file) to which foo has exclusive view permission granted, I get that resource (view that bar.html file) without Zope asking for authentication credentials. This means of course that Zope automatically checked that the request of bar.html was made by user foo, and also that Zope knows user foo is currently logged in: the question is HOW could it do it? I have disabled the cookies on my browser (Netscape), cleared the disk and memory cache, erased from the file system the directory used by Netscape as the disk cache, so how could Zope tell that the request of bar.html came from user foo? Based on the IP address of the requestor? Also, how does Zope keep track of the users currently logged in? What data structures does it use? More, there seems to be no way of logging out (except if you're a manager: in this case you can use the logout button from the management interface): if you ask for a resource not publicly accessible, you're prompted to enter userid and password and from that moment on you're logged in, but how can you logout? Regards, Mario. _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com