Hi, I originally wrote the following: ======== I am using Zope with Apache and have created a test folder under the Root Folder. In this test folder I removed the original acl_users and added an exUserFolder and enabled secure cookie-based authentication. When I attempt to access this test folder through a browser window, it comes up with the session based login box which is all ok. The problem I'm having is that if I put in an incorrect username / password, it then comes up with a second login screen (Windows) and is asking for authentication again. Why does it do this. I just want it to say that it is an incorrect login. Can this be achieved?? ======== I got a response saying that maybe the "you are not authenticated" page is not viewable by anonymous users. I'm unable to find this page anywhere. Can someone let me know where this page can be found? It is not with the Login or Logout pages.... should it be?? Also, while I'm here.... I'm trying to figure out all I can about logging events in Zope and have come up with a little bit of information but not quite enough to clarify everything for me. As I'm sure you can guess.... I'm a newbie with this type of stuff. Anyway, I'm trying to find out exactly what type of things can get logged. My impression is almost anything. In the error_log you are able to stipulate "Ignored Exception Types" and by default there is "Unauthorised" and "NotFound". I assume we just add to this if we need to log other exceptions. Is there a list of exceptions that can be logged (that we can choose from) or do we configure these ourselves. If we have to configure them, are you able to point me in the right direction?? Also... on the topic of error messages being logged, what is the actual format of the message being logged (format %(message)s) that gets written to the event log. Any help is appreciated. Thanks. Marnie ----------------------------------------------- ABS Web Site: www.abs.gov.au