I&#039m having to create a restricted access area to manage access to a certain section of a site. Hosting providers are notoriously anti registering third party apps and DLL&#039s which is understandable. I therefore want to use the boolean method as measured against the Global.asa on per session basis as described in the article Simple Authentication . My question is: "Is this adequate security and how easily can it be compromised?" I realise that if someone is hell bent on hacking something he will probably find a way but I&#039m looking for at least reasonable certainty. <BR>Thanks