I have a site that has info i woul like to protect. I have a login page of course. Also, All the other pages have an include file which checks "HTTP_Referer", to make sure that the user is coming from the http://ip/virtual directory. How secure is this method. Is "HTTP_Referer" easy to defeat. Are there other methods I should use. Some of my pages are in asp.net, but I could not get cookies to work for those.