I am trying to build an intranet web app that would need access control (different modules are allowed/denied to different groups of users). I am thinking about putting a handle that checks credentials and then lets routing to continue to match the rest of the route. /app/moudle1 <- Here i check the credentials /app/moudle1/path1 <- If credential are OK, then the handler falls in here. /app/moudle1/path2 How do i do that with yesod ? Is it something that needs a subsite ? I would appreciate a small example. It would help me a lot. ----------------- Another question, Is there a way a automatically and transparently for developer encrypt part (or all ) of the url. Like this: www.website.com/app/jshdfbjkshabfjhvkjvjaksvdfjhvasjdhvfkjshadfhjasdhfkjasfjsvahf where the encrypted part will be converted to normal route by the rounting handler, and when urls are generated, encrypted back. Of course using a separate key for each user/session. Regards, Vagif Verdi