Is it just me, or is logout actually impossible? Once you're authenticated with ExUserFolder (on a subfolder), it seems near as dammit impossible to become un-authenticated - I've tried quite a few permutations (standard authentication & cookie based). This doesn't work: <div tal:define="dummy python:here.acl_users.logout(request)" /> Nor does this: <div tal:define="dummy python:request['RESPONSE'].expireCookie('__ac',path='/')"/> NB What should 'path' be here? Sure, you can redirect to a folder above the XUF acl_users, e.g. to the root: <div tal:define="dummy python:request.response.redirect('/loggedout')" /> but that doesn't stop the user going back to where they were and remaining authenticated. I've read in some places that it's all IE's fault, for not destroying the session info, but I'm using the latest version of IE, so that seems strange. Do PHP users have this problem too, or is it just Zope? I can get registration and login working just fine. It's just logout that's tricky.