We have another department that are responsible for setting up the servers, but the OS is Windows Server 2003 R2 Enterprise Edition sp2. We are using IIS 6.

I am going to try with the two pages, but there shouldn't be any code getting in the way. The startup page is set as default.aspx. So once logged in it should go to this page, because I even do a force response redirect in the HookUserAuthenticated page.

I think the problem lies somewhere in the this.Login() method. When I was tracing it last week, after logging in it was going to a MessageDisplay.aspx page for whatever reason. If I remember correctly it was hitting a MessageDisplay.Display() without any parameters. As I said by checking the session variable for UserSecurity I was able to control this in the dev environment. When I deployed it continued doing the same thing. I completely wipe out the directory with each deploy and I flushed the internet cache.

I am wondering if I should override the form Login() method?