--I can't figure how to design cookie-based XUF login with Netscape 4.x. XUF seems to generate incorrect HTML that only MSIE can cope with. I need a different docLogin than the stock docLogin. I want to use acquisition: - I modified docLogin very slightly (only added some text), and saved it in the Zope root. - created exUserFolder in my FOLDER1. - deleted docLogin from the contents of that instance of exUserFolder. - created a LOGIN dtml method in FOLDER1. This login method limits "View" and "Access contents" permissions to Authorised role. Therefore it should trigger cookie-based login. When /FOLDER1/LOGIN is accessed, the following html is generated: [standard html header contents] <html> <head><title>Logging In</title> <META HTTP-EQUIV=Expires ...> <META HTTP-EQUIV=Refresh Content="0; http://localhost:8080/FOLDER1/acl_users/docLogin?destination=http://localhost:8080/FOLDER1/LOGIN"> </head><body></body></html> [standard html footer contents] The trouble is of course the [standard html header contents] and [standard html footer contents], because they ALSO contain <html><head> and </body></html>, respectively, and therefore they confuse Netscape. I tried to work around the problem by directing uses to click on the following link directly, instead of accessing a protected LOGIN page: <a href=http://localhost:8080/FOLDER1/acl_users/docLogin?destination=http://localhost:8080/FOLDER1/LOGIN> This approach lets users log in, but if they submit incorrect password, they are again presented with the "double head-double body" page described above. Oh, and I made sure that docLogin does NOT contain any references to <dtml-var standard_html_header/footer>, but this problem is somewhere else... Zope 2.4.3, exUserFolder 0.10.0 -- Milos Prudek