hi, happy new year everyone! I'm stuck on a problem involving cookie crumbler authentication: I'm building a site which requires users to register their own accounts and log in. When the users are created, I generate a password for them. But I need to allow the users to change their own passwords. At the moment I'm using a python script which picks up the new password and confirmation from a form, and does this (after checking the new password and confirmation match): ------ user = request.AUTHENTICATED_USER uid=user.getId() myreq={} myreq['name']=uid myreq['password']=request['new_pwd1'] myreq['confirm']=request['new_pwd1'] context.acl_users.manage_users( submit='Change', REQUEST=myreq ) response.redirect( '%s/changed/' % request.URL2 ) return ------- The code manages to change the password successfully, but I cannot then view the confirmation page, and am redirected to CC's login_form page, (I think) because the password set in the cookie is now not the same as the updated one in the acl_users user folder. Do you agree that this is the problem here, and if so, what would I have to do to fix this? [Zope 2.6.0, Python 2.1.3, Solaris 7, viewed in Mozilla 1.0.1] TIA Ben Avery