Is there any way to make sure that a login submission for forms authentication originated from the local login.aspx page rather than some remote page?
Request.ServerVariables("HTTP_REFERER") shows you where the user came from. In this case, it should be your login page. It's a full http URL. <BR><BR>