Hi all I've run into something baffling regarding authentication. For debugging purposes, my standard_html_header tells me: (I'm <em><dtml-var "AUTHENTICATED_USER.getUserName()"></em> and I have <em><dtml-var "AUTHENTICATED_USER.getRoles()"></em> role(s).) When I visit /docs, it tells me: (I'm Anonymous User and I have Anonymous role(s).) That's cool. Now I visit: /docs/manage_addProduct/ccDoc/ccDocClass_factory via a link from /docs, and I am prompted for username and password. I add an instance of my ZClass, and am redirected to /docs: <dtml-if "AUTHENTICATED_USER.has_role('ContentManager')"> <dtml-comment> njj: Called from the public interface </dtml-comment> <dtml-call "RESPONSE.redirect( DestinationURL+'/index_html')"> <dtml-else> <dtml-call "RESPONSE.redirect( DestinationURL+'/manage_workspace')"> </dtml-if> (this is from ccDocClass_add). When I arrive I *still* see: (I'm Anonymous User and I have Anonymous role(s).) Now I edit the URL manually and visit /docs/manage, which works *without* prompting me for authentication. I edit the URL back to /docs, and now I see: (I'm docEditor and I have ContentManager and Manager role(s).) Also, this doesn't *always* happen. Perhaps it's an IE problem? Does anyone know exactly how this works? -- Jean Jordaan -- technical writer -- Mosaic Sofware -- Zope 2.16 on W2K