Our scenario is this..... We are using Zope with Apache and have created a folder under the Root Folder. In this folder I removed the original acl_users and added an exUserFolder and enabled secure cookie-based authentication. When I attempt to access this folder through a browser window, it comes up with the session based login box which is all ok. The problem I'm having is this.... If I put in a correct username but incorrect password, it comes up with a the login box again with the heading "Failed Login".... which is fine. But when I put in an incorrect username, it then comes up with a second login screen (Windows)and is asking for authentication again. Is there a way around this so that it also brings the original login box up again with the heading "Failed Login" ?? More information... We have this: <VirtualHost _default_:80> ServerName diff RewriteEngine On <Location ~ "/manage"> Redirect permanent /manage https://diff/manage SetHandler server-status Order Deny,Allow Allow from all #Deny from all </Location> RewriteRule ^/(.*) http://localhost:9080/VirtualHostBase/http/diff:80/Examples/GuestBook/Virtua... ot/$1 [L,P] </VirtualHost> Steps we have taken to try to rectify problem... Taken from Unenlightened Zopistas Guide to exUserFolder. We have attempted both steps 1.3 and 1.4 with no success. 1. 1.2 What happened You tried to access an area you don't have access to. Zope found the closest user folder to the object you were trying to access. The user folder decided you were not authorised and tried to display the login form. You don't have access to view the login form, so Zope finds the nearest user folder to the login form, which is the user folder above the protected directory. It pops up the authentication dialog. If you put in a valid username and password for this top level, then lower level then displays the login form. 1. 1.3 Solution 1 (preferred). Place the user folder one level above the folder you want to protect, that is in the unprotected area. Everything should work fine. 1. 1.4. Solution 2 (not so preferred). Set the View permission on the docLogin form inside the acl_users folder. You can get there by Choosing Contents on docLogin and scrolling down to the bottom. Any help in this matter is appreciated Thanks. ----------------------------------------------- ABS Web Site: www.abs.gov.au