[Zope] UserDb/Authentication Questions

[Jeff K. Hoffman]

Hello everyone!

I have been working on a site recently, and have come across a problem
when using the UserDb product.

Say I have a site as follows:

+ /
  + company
    - acl_users (UserDb)
    - index_html
    + events
      - index_html
      + members
        - index_html

The data in the members folder is only accessible to users with the
'Members' role. The acl_users object, a UserDb instance contained in the
company folder, contains login information for all the members of the
site.

When a user browses to /company/events/members, they get the login web
form (I am using cookie-based auth.) The user logs in, and if all goes
well, they arrive at the following URL:

  /company/events/members/events/members

For some reason, UserDb or Zope is adding an extra events/members onto the
URL. I can't figure out what I'm doing wrong.

Also, the way my site works, I would like to allow the user to
authenticate of their own accord, rather than wait until they try to
access data they don't have permission to. This works better for a variety
of reasons, on of which is because I can change the look of certain parts
of the site based on their roles. To facilitate this, I'd like to put a
button on my main screen that says "Login" when the user is not
authenticated, and "Logout" when they are. I can make a link to
/company/acl_users/docLogin and /company/acl_users/docLogout respectively,
but I figure there's a better, more Zopish way to do this. Any ideas? I've
got the button part figured out (ie. I can easily change what is shown on
the page based on whether they are logged in or not), I just can't figure
out where to send them when they click it.

Any ideas?

Thanks,

jkh