Thanks Tim.

One other thing, what's the best way to authenticate usernames/passwords? The most straightforward seems to be to pass the user/password to another asp and then that will call the COM and validate it, but the username/password is then sent over the wire in a non-encrypted form.

Kev

>>>>Hi
>>>>
>>>>Can someone advise on the best way to handle users logging in using ASP's.
>>>>
>>>>I have a VFP COM installed on the server which I can call a method Login(cUser, cPassword) to return true or false, but I also want each page to check the status using a logical property in the COM, and if the user is not logged in, to force them back to the main page to login.
>>>>
>>>>Any suggestions?
>>>>
>>>>Thanks
>>>>Kev
>>>
>>>Here is a method I have used several times:
>>>When the user logs into the site, set a flag and persist it throughout your site. Create an include file that checks the value of this flag and loads the appropriate page based on the value.
>>
>>Thanks Tim, how do I load the page from the include file?
>>
>>Kev+
>
>If the user is already logged in, load the current page. If the user is not logged in, redirect the user to the login page.
>
>Example:
>Response.Redirect "login.asp"
>
>You have to issue the redirect before sending any content to the browser. If you are using IIS 5.0, I would use the Server.Transfer method. This will redirect the user to the specified page and also pass any Request object values without a round trip to the browser.