> I'm guessing that yes, Zope is using session cookies in this setup. > Unfortunately, the people who did the original configuration and setup > are no longer with my company, so I can't ask directly. How would I be > able to tell if it's set one way or another? I certainly see nothing > about cookie auth in the zope.conf file. This is done by your acl_users. I don't know what kind of User folder you're using. You may see this by going to acl_users folder in ZMI and on the top you should see something like: 'Pluggable User Folder at /path/to/acl_users'