Hi all: I do need form authentication and I am trying to make a CookieCrumbler (latest version 0.5) work within a Zope site behind Apache 1.3.27 implemented with only one VirtualHostMonster at the root folder level. My folder's structure is like: root-- site1 CookieCrumber logged_in logged_out index_html acl_users exit_html The default login form (a CookiCrumbler property) is actually index_html which in turn uses "logged_in" after some page formatting (CSS and such.). The default log out method (another CC property) is "exit_html" which in turn calls a <dtml-call "cookie_crumbler.logout()"> which in turn, at the end (from the CookieCrumbler machinery) -supposedly- calls the "logged_out" method. If I get into the site through the 8080 port, everything works like charm, nevertheless if I get into the site through Apache (port 80) and hence using the VirtualHostMonster machinery, the CookieCrumbler starts behaving oddly, specially what concerns to the logout process. When logging out, the URLS and paths get effectively rewritten/mapped to: www.site1.com/logged_out instead of: www.site1.com/site1/loggedout. Therefore, logged_out is never found even tough "exit_html" was executed and (presumably) the <dtml-call "cookie_crumbler.logout()"> was executed also. I got rid of all "absolute_all"'s within my application code as to avoid problems with the VirtualHostMonster. I have checked the CookiCrumbler code and it uses absolute_url() within its code (in def logout(...) for instance. I think this usage of absolute_url is what is messing things up. I know I can play around with VirtualHostMonster mappings and solve the problem somehow. but, the overall questions are: 1.- What is the best way to work with VirtualHostMonster and code that uses absolute_url(). 2.- The preffered and correct use of CookieCrumbler (with VHM installed) would be....? Calling <dtml-call "cookie_crumbler.logout()"> is the propper way to "logout" using CC ? 3.- Any special suggestions for the above settings would be appreciated. I know about basic authentication not having/knowing of a "logout" concept. I also know about CookieCrumbler simulating the login/logout with the setting/expiring of cookies and only "intersecting" with with the HTTP authentication where required to make this work. Thanks in advance for your comments and assistance. Best regards. -- Felipe Barousse Boue. CEO - Director General Piensa Technologies - Bufete Consultor de Mexico www.piensa.com