How do i make sure a user has to login before he access any other pages(even if he types in the URL).<BR><BR>I know how to do it with sessin variables. Is there a way to do it without session variables?
<BR>Using some entry page (e.g., default.asp), establish the user's identity. Then send the user off to some sub-page (e.g., base.asp). In all subsequent sub-pages include some initial code at the top to test whether an identity has been established.<BR><BR>In low-volume web-app's i'd use a Session("strIdentity") type of variable, mostly cause it's cleaner and less of a security risk than cookies. On mid/high volume webapp's write the established identity (preferably some reverse resolvable code) to a cookie, and have the test resolve this code as being legitimate or not.<BR><BR>.rob