[SNIP!]

To facilitate this, I'd like to put a button on my main screen that says "Login" when the user is not authenticated, and "Logout" when they are. I can make a link to /company/acl_users/docLogin and /company/acl_users/docLogout respectively, but I figure there's a better, more Zopish way to do this. Any ideas? I've got the button part figured out (ie. I can easily change what is shown on the page based on whether they are logged in or not), I just can't figure out where to send them when they click it.

*sigh* don't you love Outlook formatting? Anyways, I can't answer your other questions right offhand, but you can make a "logout" page very easily that doesn't even need to call the docLogout in the UserDB. Basically, you have to delete the cookie (which the default docLogout might not be doing in the current release). Using the following code effectively logs a user out when using cookie authentication. <!--#call "REQUEST['RESPONSE'].expireCookie('__ac', path='/')"--> Making an arbitrary "login" document is a little bit trickier. To ensure that the proper authentication is raised, make your own "docLogin" document that is protected (ie, Anonymous can't view it). This will raise the docLogin document in UserDB when the user clicks on it. You might want to do something like tracking the HTTP_REFERRER (REFERER?) header to return the user to the page they were on when they clicked the "login" link. You can even make your own form that mimics the docLogin form (submits the same parameters) whose action is a protected document. I've used this in a project where an unknown user needs to register, and part of that registration is a username and password. After they registered, they could enter the "members" area of the site and start working immediately, but I (a) wanted to keep that member area protected, and (b) didn't want to say to the user "Congratulations, now try out that new username and password by entering them again now!". Solution? I copied the <INPUT> tags from the UserDB docLogin form and changed their HTML type to "hidden" and set their value to the new username and password I had just acquired from the registration process, and set the target to the Member folder which required a Member role to View. It worked beautifully and gave me that resounding feeling of "mmm , Zope just kicks ass" (feelings of Zope kicking ass are of my personal opinion and does not necessarily reflect the views of Digital Creations. ;) .jPS