Hi, I am using Zope with Apache and have created a test folder under the Root Folder. In this test folder I removed the original acl_users and added an exUserFolder and enabled secure cookie-based authentication. When I attempt to access this test folder through a browser window, it comes up with the session based login box which is all ok. The problem I'm having is that if I put in an incorrect username / password, it then comes up with a second login screen (Windows) and is asking for authentication again. Why does it do this. I just want it to say that it is an incorrect login. Can this be achieved?? I hope I have explained this OK. Any help is appreciated. Thanks. ----------------------------------------------- ABS Web Site: www.abs.gov.au