Zopatistas,

I need functionality that none of the UserManagers seem to address. I need to allow a user to elect to log in (and set AUTHENTICATED_USER) as opposed to have them access a restricted resource to trigger cookie authentication.

You mean you want to use AUTHENTICATED_USER like a cookie, i.e. loggin in and every password authenticates? Using basic auth it might be a nice way to get cookie functionality without using cookies. You could write a custum method which triggers authentication and rewrite the method of GUF to always return 1. If someone wants to "log in", he could click on a link to this method. Maybe <dtml-unless "AUTHENTICATED_USER.getUserName()=='Anonymous User'"> <dtml-raise type="Unauthorized"> Logout!! </dtml-raise> </dtml-unless> You are now logged out! could be a starting point. If it is contained in standard_html_header it would force everyone to choose a user name, and in conjuction with the GUF-hack mentioned above he would always be logged in - well unless he decides to call himself "Anonymous User" (luck that this isn't coward ;). If you want to use cookies anyways, take a look at session manager or code it yourself and don't use hasrole. cheers, oliver