I originally wrote the following: ======== I am using Zope with Apache and have created a test folder under the Root Folder. In this test folder I removed the original acl_users and added an exUserFolder and enabled secure cookie-based authentication. When I attempt to access this test folder through a browser window, it comes up with the session based login box which is all ok. The problem I'm having is that if I put in an incorrect username / password, it then comes up with a second login screen (Windows)and is asking for authentication again. Why does it do this. I just want it to say that it is an incorrect login. Can this be achieved?? ======== Question 1 --> I got a response saying that maybe the "you are not authenticated" page is not viewable by anonymous users. I'm unable to find this page anywhere. Can someone let me know where this page can be found? It is not with the Login or Logout pages.... should it be?? Any help will be appreciated. Thanks Marnie ----------------------------------------------- ABS Web Site: www.abs.gov.au