i did it, but it don´t work, Because this code has no sense this way. You're just storing and retrieving data from session. What do you suppose this will do...

Try something like: def extractCredentials(self, request): creds = {} session = self.REQUEST.SESSION creds = session.get('_key', None) if creds: return creds login = request.get('__ac_name', '') if login: # Look in the request for the names coming from the login form login = request.get('__ac_name', '') password = request.get('__ac_password', '') if login: creds['login'] = login creds['password'] = password if creds: creds['remote_host'] = request.get('REMOTE_HOST', '') try: creds['remote_address'] = request.getClientAddr() except AttributeError: creds['remote_address'] = request.get('REMOTE_ADDR', '') session.set('_key', creds) return creds return None You should use protected class (like in CAS4PAS) to store credentials in session. Also you should think how it is supposed to work and what should be done in extractCredentials and what in authenticateCredentials functions, etc. So far this code checks if there is object in session and if so then it extracts credentials from this object, if no, then it tries to extract credentials from request. You should now validate these credentials with something (eg. RDBMS), possibly in authenticateCredentials function. -- Maciej Wisniowski