Hi Edi, I found a bug in AUTHORIZATION. If I click the "Authorization" link on the Hunchentoot test page and submit an empty username and password, instead of prompting me again, the server returns `Internal Server Error'. In this case, the call to SPLIT returns nil, which does not match the DESTRUCTURING-BIND lambda list. My first reaction was simply to rewrite the DESTRUCTURING-BIND to permit a nil username as well as password: (destructuring-bind (&optional user password) (split ":" (base64:base64-string-to-string (subseq authorization start))) (values user password)) Then, we would get (VALUES NIL NIL), which would seem consistent with the documentation. However, I also realised that AUTHORIZATION will return just nil if the auth header doesn't exist. Should that be documented? Here's my environment: * Hunchentoot 0.4.4 (no Apache, no mod_lisp) * latest versions (as of today) of dependencies * LispWorks 4.4.6 * OS X 10.4.8 * Safari 2.0.4 * Firefox 1.5.0.7 Regards, Mike P.S. Started migrating our apps from Portable AllegroServe to Hunchentoot this past week. Very pleased with the API and performance. Thanks! -- Michael J. Forster <mike@sharedlogic.ca>