Gilles Lenfant writes:

Then I add some instructions in this script to log this new user with CookieCrumbler, as indicated in the default provided "login_form"

.... context.acl_users.manage_users(submit='Add', REQUEST=context.REQUEST)

context.REQUEST.form['__ac_name'] = form['newusername'] context.REQUEST.form['__ac_password'] = form['newpassword'] context.REQUEST.form['__ac_persistent'] = '1' context.REQUEST.form['came_from'] = 'minimum_html' return context.logged_in(context, REQUEST=context.REQUEST)

What's strange :

1/ This does not work

2/ The new user is not created when adding the lines that _try to_ log using CookieCrumbler When you read

<http://www.dieter.handshake.de/pyprojects/zope/book/chap3.html> you will see that ZPublisher performs authentication only once, *BEFORE* it calls the object identified by the request URL. As a consequence, your modifications to "REQUEST.form" are not seen by CookieCrumbler because it is not called after the changes. This explains 1) 2) is clear too: because there is no reauthentication, your "logged_in" raises an Unauthorized exception. This exception, like all exceptions, aborts the current transaction: the ZODB is not modified. You should "redirect" after you added the user. This will cause a new request together with a new authentication. Dieter