I have been reading on this subject in several books and I am still not clear on some of it. My ISP has three directories, /web, /scripts, /db. The /web is my root directory and all html goes there. All of my ASP scripts have to go into the /scripts directory. <BR><BR>The plan for my site is several different sections, some of which are to be password protected. Is the best way to deal with pw protection to set check/set a session var the first time anyone visits &#039any&#039 of the pages? <BR><BR>I thought each section (each section is another application) would go in its own directory. If I want to track all people, who enter any of my sections, where does my global.asa go? I understood this file to be application specific but each of my &#039sections&#039 are really different applications. <BR><BR>If you put a global.asa in your root directory is this like object oriented where a directory underneath it uses the same global.asa unless I put a different one for that part of the application only? <BR><BR>Most of the books explain this but not with regards to actually putting one in use so I am sort of confused. Any suggestions or thoughts? Thank you.