Also, the way my site works, I would like to allow the user to authenticate of their own accord, rather than wait until they try to I found that if you create a page wich define __name and __password, eg:

**MyLoginPage** <form action=LoginSuccessfull method=post> <input type=text name=__name> <input type=text name=__password> <input type=submit> </form> **LoginSuccessfull** <p>You have logged in!</p> If __name and __password are correct, the user is automagically logged with that name and that password, and the LoginSuccessfull page is displayed. However, if the __name and the __password aren't correct, you get the unauthorized page. To Logout the user, MyLogoutPage expire the __ac cookie. However I didn't like these way of doing. So I wrote an exthernal method that compute an __ac value from two variables: name and password (not __name and __password, to avoid acl_users do the authentification itself), or return None if these are not correct. That way, if the result is not None, I set a cookie with name __ac and the value I got from the external method. You could write your own external method by looking at the source of UserDb.