Hello... I am a site where I use UserDB (with cookie-authentication) to validate users. I have a folder where I placed an index_html file that contains something like this: <dtml-if "AUTHENTICATED_USER.getUserName()=='Anonymous User'"> <dtml-call "RESPONSE.setBase('http://izote.infosys.com.ar/Zope/research/acl_users')"> <dtml-with acl_users> <dtml-var docLogin> </dtml-with> <dtml-else> ... [ the document goes here ] ... I have tryied setting up the permissions on the "research" folder and unchecked the "Acquire permissions" from the "security tab" for the "Access content", "FTP Access" and "View". I have two local roles "Member" and "Client", I checked the combos for this two roles. I also selected the "Manager" role in the "proxy" tab of the docLogin DTML from the UserDB acl_users folder. When I try to access the URL http://izote.infosys.com.ar/Zope/research/ I get the following traceback: <!-- Traceback (innermost last): File /export/home/bmatt/iPersonal/lib/python/ZPublisher/Publish.py, line 214, in publish_module File /export/home/bmatt/iPersonal/lib/python/ZPublisher/Publish.py, line 179, in publish File /export/home/bmatt/iPersonal/lib/python/Zope/__init__.py, line 201, in zpublisher_exception_hook (Object: ElementWithAttributes) File /export/home/bmatt/iPersonal/lib/python/ZPublisher/Publish.py, line 151, in publish File /export/home/bmatt/iPersonal/lib/python/ZPublisher/BaseRequest.py, line 426, in traverse File lib/python/Products/UserDb/UserDb.py, line 289, in validate (Object: RoleManager) File lib/python/Products/UserDb/UserDb.py, line 284, in cookie_validate (Object: RoleManager) LoginRequired: (see above) --> What I am doing wrong? If I don't uncheck all the "Acquire permissions" from the security tab of the folder I can use the login, because I am doing the "dtml-if" statement on the DTML-document, but I presume that's not the way it's suposed to work. My docLogin file uses the <dtml-var standar_html_header> tags, that's why I put the "proxy" role. The problem that's annoying me, and that's why I am asking this question, is that with my method (the dtml-if in the index_html) whenever a user put's a wrong user/password, he/she gets the pop-up window prompting for user/password. I do not want that to happen. Can someone give me a hint on what I am doing wrong? TIA /B Bruno Mattarollo <brunomadv@ciudad.com.ar>