I've been trying to log a user in programmatically for a while, and I think I've finally got it cracked. All you have to do is create a new SecurityManager with a user object: from AccessControl.SecurityManagement import newSecurityManager ... newSecurityManager(None, user) My question is this: is there any reason why this would be a Bad Thing, security-wise? seb