No I don't think so... from what I can debug, it is actually using session auth, but how do I switch to cookiebased authentication?
Or does someone have a patch so that the http_server logs based on sessions? I have, what seems to be, a session ID (ZopeID) but I havent found a way to translate this information into a username.