1: (why) do I need to specify the AuthName, Session, and authn provider params (e.g. DBD query) in both the location I am protecting and in the location that defines the form-login-handler? 2: I'd like to say that an entire logical tree is protected, and have a successful login redirect back to wherever the user tried to go in the first place. However, the doc seems to be telling me that I need to supply AuthFormLoginSuccessLocation with a specific URL in it. In other words, if I start out with <Location /protectedStuff/> AuthType form ... </Location> and then I set up <Location /dologin.html> SetHandler form-login-handler ... </Location> and the user navigates to /protectedStuff/banannas.html, I'd like a successful login to redirect to that location, whereas if they navigate to /protectedStuff/kumquats.html, ditto. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx