Index: openacs-4/packages/xotcl-core/tcl/50-protocol-handler-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/50-protocol-handler-procs.tcl,v
diff -u -r1.13 -r1.14
--- openacs-4/packages/xotcl-core/tcl/50-protocol-handler-procs.tcl	1 Feb 2018 21:58:01 -0000	1.13
+++ openacs-4/packages/xotcl-core/tcl/50-protocol-handler-procs.tcl	28 Feb 2018 07:48:22 -0000	1.14
@@ -39,9 +39,8 @@
                             -password $password]
         if {$auth(auth_status) ne "ok"} {
           :debug "auth status $auth(auth_status)"
-          ns_returnunauthorized
           set :user_id 0
-          return 0
+          throw {AUTH UNAUTHORIZED {unauthorized}} $auth(auth_status)
         }
       }
       :debug "auth_check user_id='$auth(user_id)'"
@@ -53,6 +52,7 @@
       ad_conn -set untrusted_user_id 0
     }
     set :user_id [ad_conn user_id]
+    return 1
   }
 
   ProtocolHandler ad_instproc initialize {} {
@@ -95,10 +95,20 @@
       ns_returnunauthorized
       return filter_return
     }
-    
-    # set common data for all kind of requests 
-    :initialize
 
+    #
+    # Set common data for all kind of requests. A possible outcome is
+    # that we we cannot proceed (authentication failure), so we have
+    # to trap such cases.
+    try {
+      :initialize
+    } trap {AUTH UNAUTHORIZED} {errorMsg} {
+      ns_returnunauthorized
+    } on error {errorMsg} {
+      ns_log error "ProtocolHandler: exception during initialization: $errorMsg"
+      return filter_return
+    }
+
     # for now, require for every user authentification
     if {${:user_id} == 0} {
       ns_returnunauthorized