Christoph Landwehr wrote:
If I log in at object B (authentication required) and then view document A (no authentication) on the same level, I am NOT authenticated (not on acquisition path). But I can view a third document (authentication required) on the same level without being asked for authentication again, although it is not in the acquisition path of the first object.
That's a bit confusing (for me)
...and you still haven't said if you're using Basic Auth or Cookie Auth.

If you're using Basic Auth, then what you're seeing is a result of the fact that browsers only send cached basic authentication credentials if prompted to do so by receiving a 401 from the webserver. Zope can only send a 401 when someone views a page that requires authentication. This is to do with the stateless nature of HTTP and how Basic Authentication works.

What would you like to have happen?

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
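The exchange described in the reply above, as an added example that is not part of the original message or of Zope's code: a small Python model of a stateless server and a client that sends cached Basic credentials only after a 401. The paths, user name and password are constructed, and the model assumes a client that never sends credentials preemptively.

```python
import base64
import hmac

# Constructed sample site: three objects on the same level, two of them protected.
PROTECTED = {"/folder/B": True, "/folder/A": False, "/folder/C": True}
USERS = {"christoph": "secret"}  # constructed credentials


def server(path, headers):
    """Stateless server: decides from this one request only. Returns (status, user)."""
    user = None
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        name, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        if name in USERS and hmac.compare_digest(USERS[name], pw):
            user = name
    if PROTECTED[path] and user is None:
        return 401, None  # would carry WWW-Authenticate: Basic realm="..."
    return 200, user or "Anonymous"


class Client:
    """Assumed client behaviour: hold credentials back until challenged with a 401."""

    def __init__(self):
        self.cached = None   # Authorization header value remembered after login
        self.prompts = 0     # how often the user saw a login dialog

    def get(self, path, ask_user=None):
        status, user = server(path, {})  # first attempt carries no credentials
        if status == 401:
            if self.cached is None:
                if ask_user is None:
                    return status, user  # nothing cached and nobody to ask
                self.prompts += 1
                token = base64.b64encode(ask_user.encode()).decode()
                self.cached = "Basic " + token
            status, user = server(path, {"Authorization": self.cached})
        return status, user


def walk():
    """Log in at B, view public A, then view protected C."""
    c = Client()
    results = [
        c.get("/folder/B", ask_user="christoph:secret"),
        c.get("/folder/A"),
        c.get("/folder/C"),
    ]
    return results, c.prompts
```

The public page never issues a challenge, so the server sees no credentials there and treats the visitor as Anonymous, while the second protected page is answered from the cache without a second prompt.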