I am trying to implement security on a web site. My boss has instructed me to do a system where the links on the page won't be seen if the user doesn't have the correct securtity level setting. I am thinking though that if the user knows the name of the page they could just type in the url and go there. I already have a session var set so that if they havent logged in it will take them back to the login page but what if they have logged in then type the name of the page they are not allowed to access. Does anyone have any great ideas about implementing security here?