Hi, I'm looking at the AuthCookie code, getting ready to release a new version to CPAN. It looks to me like currently only the first 'require' directive will be processed and obeyed. Here's the code from the old authz(): ************************************************************ foreach $reqs (@$reqs_arr) { ($requirement, $args) = split /\s+/, $reqs->{requirement}, 2; $args = "" unless defined $args; $r->log_error("requirement := $requirement, $args") if ($debug >= 2); if ($requirement eq "valid-user") { return OK; } elsif ($requirement eq "user") { return OK if ($args =~ m/\b$user\b/); } else { my $ret_val = $auth_type->$requirement($r, $args); $r->log_error("$auth_type->$requirement returned $ret_val") if $debug >= 3; return OK if $ret_val == OK; } $restricted++; } return OK unless $restricted; return FORBIDDEN; ************************************************************ Is anyone actually using this with multiple "require' directives? Or would anyone like to? ------------------- ------------------- Ken Williams Last Bastion of Euclidity [EMAIL PROTECTED] The Math Forum