Hi. In our development, we stumbled over some behaviour that caused us quite a headache for a while. We managed to find a less than elegant solution, but it works for now. The case is this: We have the following structure (greatly simplified :) rootfolder | |-images | |-artists | | | |-acl_users | | | |-Artist1 | |-Artist2 | |-...etc As you can see, we have separated the "acl_users"-folder belonging to each of our artists into the "artists"-hierarchy. All images we use are located in "images", under the root folder. The problem appeared when we used DTML similar to the following inside the artists-folder: <dtml-with images> <dtml-var picture> </dtml-with> In IE, this would work just fine, Zope got the "picture" object from the "images" folder and displayed it - no problem. But with Netscape and Mozilla, we got authentication problems. It seemed as though Netscape insists on sending the authentication request no matter what, and is actually denied access to material that can be read by anybody (ie: the objects in our "images" folder). As far as we can see, this is a result of us having an extra "acl_users" folder in the "artists" folder. Thus the logged in artist is not a user in the root hierarchy, but only from "artists" and further into the tree. We've solved this problem temporarily by putting duplicates of the images in the "artists" folder. My questions are thus: 1. Should we move the "acl_users" folder to our root folder? If possible, we would prefer separating the artist users into their own folder, to avoid clutter. But they should be able to access the rest of the site, like any anonymous user. 2. Is this a problem with the way Zope authenticates users? Shouldn't users that don't authenticate correctly at least have access to the content readable by anonymous users? Or have I done something terribly wrong? :) You see, we plan on having a "listeners" folder too, where we are going to store individual listeners' preferences (what artists they want to be notified of, what music categories they prefer, etc) - and I assume we will run into the same problems here - users being authenticated only in the "listeners" folder and below. They should be able to browse the normal web, however, and add artists to their notify-list. Does this acl_users have to be in the root user folder too? Please CC me, as I don't have access to the list at the moment. Regards, Alexander Limi.