I'm at my wit's end. Any help is appreciated. Yes, I have worn Google out trying to figure this out. In my (yeah, yeah, I know) DTML method, I have structured things like so: <dtml-call pyCheckSession> <-- a Python script that checks whether the user is allowed to see the page <dtml-var mvp_header> <-- header include ... Sundry HTML/DTML ... I am running Zope 2.9.2 and Python 2.4.2 on Mac OS X 10.4.6. I have the stock session manager objects installed (Transient Object Container, Session Data Manager, and Browser Id Manager). When I am not logged in and I go to an unauthorized page, the response location appears to get set as desired, but the redirect does not happen. Instead, the page from the original URL still renders (not very secure, I'd say). The URL I hit was: http://localhost:8080/www/nmact/MVP/website/mymvp_html Here are the relevant bits from pyCheckSession: request = container.REQUEST RESPONSE = request.RESPONSE session = request.SESSION url = '' if len(session.keys()) == 0: "User is not logged in" url = '/www/nmact/MVP/website/login_html' if url <> '': "If we have need to, bump the user out" RESPONSE.redirect(url) Here are the contents of the response object: HTTP/1.1 302 Moved Temporarily Server: Zope/(Zope 2.9.2-, python 2.4.2, darwin) ZServer/1.1 Date: Tue, 23 May 2006 22:05:51 GMT Content-Length: 0 Location: /www/nmact/MVP/website/login_html To reiterate, the response location appears to get set to login_html, but the content of mymvp_html still renders. What am I doing wrong? TIA, -Andrew ----- andrew@clearwired.com / http://clearwired.com