Ok -- here's some more info. when I call the script <!--#var standard_html_header--> <!--#var test.xm--> <!--#var "REQUEST['AUTHENTICATED_USER']"--> <!--#var standard_html_footer--> I get the correct, expected results. When I add one line so that it reads: <!--#var standard_html_header--> <!--#var test.xm--> <!--#var "REQUEST['AUTHENTICATED_USER']"--> <!--#var "dwName(REQUEST)"--> <!--#var standard_html_footer--> I get a traceback. This traceback includes a whole ton of REQUEST data like so: Traceback (innermost last): File /usr/local/Zope-1.9.0-src/lib/python/ZPublisher/Publish.py, line 879, in publish_module ....[snip]... environ: SCRIPT_NAME: '/Zope' UNIQUE_ID: 'Nsn4OcauaW4AAAQhCbQ' HTTP_ACCEPT_ENCODING: 'gzip' PCGI_EXE: '/usr/bin/python' HTTP_ACCEPT_LANGUAGE: 'en' PCGI_PUBLISHER: '/usr/local/Zope-1.9.0-src/pcgi/pcgi_publisher.py' GATEWAY_INTERFACE: 'CGI/1.1' PCGI_DISPLAY_ERRORS: '1' HTTP_ACCEPT: 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*' REQUEST_URI: '/Zope/test_area/test1' SCRIPT_URL: '/Zope/test_area/test1' .....[snip].... What is interesting is AUTHENTICATED_USER is NOT there. Now, IF I am right, that this is showing me the entire REQUEST structure that was passed to my external method, why is it different from teh one being used INSIDE the dtml where AUTHENTICATED_USER is available? --------------------------------------------- A computer without Microsoft products is like a dog without bricks chained to its head ---------------------------------------------