diff --git a/product/ERP5/Document/Document.py b/product/ERP5/Document/Document.py
index 0e7259d28d47796f655c9b3b642a6fb05dfdc508..5e9ce2a7383202ae41a08c6c00a9e612a86c9362 100644
--- a/product/ERP5/Document/Document.py
+++ b/product/ERP5/Document/Document.py
@@ -129,12 +129,9 @@ class PermanentURLMixIn(ExtensibleTraversableMixIn):
   # Declarative security
   security = ClassSecurityInfo()
 
-  ### Extensible content
-  def _getExtensibleContent(self, request, name):
-    # Permanent URL traversal
-    # First we must get the logged user by forcing identification
+  def _forceIdentification(self, request):
+    # force identification (usable for extensible content)
     cache = getReadOnlyTransactionCache(self)
-    # LOG('getReadOnlyTransactionCache', 0, repr(cache)) # Currently, it is always None
     if cache is not None:
       key = ('__bobo_traverse__', self, 'user')
       try:
@@ -180,14 +177,23 @@ class PermanentURLMixIn(ExtensibleTraversableMixIn):
                     # do not try to change SecurityManager
       if cache is not None:
         cache[key] = user
+
+    old_manager = None
     if user is not None:
       # We need to perform identification
       old_manager = getSecurityManager()
       newSecurityManager(get_request(), user)
+
+    return old_manager, user
+
+  ### Extensible content
+  def _getExtensibleContent(self, request, name):
+    # Permanent URL traversal
+    old_manager, user = self._forceIdentification(request)
     # Next get the document per name
     portal = self.getPortalObject()
     document = self.getDocumentValue(name=name, portal=portal)
-    # Last, cleanup everything
+    # restore original security context if there's a logged in user
     if user is not None:
       setSecurityManager(old_manager)
     if document is not None: