Hello: We are currently using CookieCrumbler as the authentication method for an application. It all works fine so far. Nevertheless, we are interested in implementing session expirations, we'd like to set a property somewhere in the application tree with the number of inactivity minutes when the "session" would expire after the user has not done anything within that period. The question is: what is the best approach to perform this "session expiration" feature ? As far as I am aware, CookieCrumbler does not natively supports this, except of course, coding a bit more to programatically expire CookieCrumbler's session cookies, but this could potentially create other issues.... The second question is: there is also the need to control that users do not access the system with one account more than once at a time. (i.e. that an account is not used by more than one user at a time). Again, what would be the advise in this subject ? Both requirements (expirations and "only one login at a time") are for the same application that currently uses CookieCrumbler. I have seen many different UserFolders and Session products for Zope, some have a rather old release dates and before embarking into an adventure with some of this products, I'd like to get some feedback from the Zope community. Your advise is well appreciated, thanks in advance. ! Felipe