dlee@usol.com writes:

I need functionality that none of the UserManagers seem to address. I need to allow a user to elect to log in (and set AUTHENTICATED_USER) as opposed to have them access a restricted resource to trigger cookie authentication. Maybe, I do not understand you. But it appears to me that this is the behaviour of *all* cookie based UserFolder implementations, including GUF.

GUF, especially as a "login" method which allows you to log in at will. It pops up the usual login dialog and after you provided login information and submitted the form, it calls "login_success" (which happens to be priviledged). However, after your login, *any* access of a page governed by the GUF with authenticate the user and set the cookie, whether or not the page is protected or not. Only is your "login" form action goes to a resource which is not goverend by the GUF (i.e. above in the hierarchy or in a different subpath), then the login information is lost. Dieter