I am relatively new to ASP. I have developed a small intranet for my employer and I am curious to see if I can improve upon the way I built it (Everything is performing fine I am just curious). The intranet is only used by 10 people and the max simultaneous users is around 4-5. I am using an access database. Basically, when a user successfully logins a session variable with a field in the database is created (session security = objrs("security_level")). This variable is used to check the logged in users security level and authorized them accordingly. I know session variable are bad and hurt server performance and I also know that objects should not be placed in session variable. What is another method I can use to achieve the same results.