I&#039;m currently working on a project that requires some security. The particular security may only apply to a certain part of the website, so we only allow certain users to even see particular parts of the website. There are seven categories a user can fit into, in any combination.<BR>· Owner <BR>· Reviewer <BR>· Viewer <BR>· Author <BR>· Manager<BR>· Approver<BR>· Administrator <BR>It&#039;s perfectly possible for a user to be marked for Owner and Reviewer, or Administrator and Author, or any combination thereof. <BR><BR>The problem I’m having is I have a root website with many virtual sites off it. If a user logs into WebsiteA with security permissions Administrator and go to WebsiteB bypassing the logon screen they are inheriting or keeping the security of WebsiteA as Administrator.<BR><BR>I would like it so a user logs in once and the security is known for WebsiteA to Z. How do I do that? I’m assuming I would have to change it to something like this. <BR>Session.Contents("WebsiteA.Owner ") = objRS(11), <BR>Session.Contents("WebsiteB.Owner ") = objRS(11), <BR>Session.Contents("WebsiteC.Owner ") = objRS(11). <BR><BR>But there must be an better way. I was given this website. http://www.infinitemonkeys.atrax.co.uk/infinitemonkeys/articles/asp/918.asp with this example of using a binary system. This addresses a good design of adding new categories that arise, but same issue of people bypassing my security.<BR><BR>Suggestions.<BR>