I'm writing Zope product supposed to give shopping cart functionality. Order can be specified and completed by anonymous user; user should be prompted for password in latest possible moment, i.e. when throwing order to the cart. Order is remembered in session variable. When user decides that order is complete I call (from unrestricted code) something like: self.Cart().ThrowIn(self.REQUEST) Cart() returns instance of `current' shopping cart (one that user is currently using); when there is no current cart, one is created; when user isn't logged in, Unauthorized is raised. Cart is not calling object's own method but independent callable object acquired by calling object. Now when user isn't logged in, Cart() raises Unauthorized, user gets asked for login and password, and boom! We have no order data in REQUEST.SESSION after authentication. I read in one of recent posts on this list that it's because exception aborts ZODB transaction, so I tried to work around the problem by committing transaction before calling Cart(), so now our fragment looks like this: get_transaction().commit() self.Cart().ThrowIn(self.REQUEST) It seems to work for now but I'm not really sure if such messing with something usually done automagically by Zope won't have some obscure and nasty side effects. Am I doing something dangerous now or is this the Right Way to deal with my problem and if it's not then what is? --japh -- __ Maciek Pasternacki <maciekp@japhy.fnord.org> [ http://japhy.fnord.org/ ] `| _ |_\ / { Any road followed to its end leads precisely nowhere. Climb ,|{-}|}| }\/ the mountain just a little to test it's a mountain. From the top \/ |____/ of the mountain you cannot see the mountain. } ( F.Herbert ) -><-