David
I'll share my ignorance and attempt to tackle your first question.
You can use Cookies to store and test for whether a request for a web page should be honored.
Example:
Create a Cookie called 'passed' during the login process. IF the user is validated THEN set passed="TRUE", otherwise set passed="FALSE".
In each web page use some code like this:
if (request.cookies("user")("passed")="FALSE") Then
response.redirect("sorry.htm")
end if
if (request.cookies("user")("passed")="") Then
response.redirect("sorry.htm")
end if
If you accidentally leave a link (such as a menu option) open and available, the 1st opion will block anyone not authorized by the system.
If someone tries to open the page without going through the Login process and getting authorized, the 2nd IF block will catch them because it tests for NO value...ie, they didn't even Try to get in through the Login.
You can Redirect them anywhere you like.
The ADO help files that come with the MSDN library, ADO200.CHM, are very good.
As for Opening and closing ADO connections, that's how it all works... connections between Clients (browsers) and Servers have to be opened and closed each time a data function is required....sort of goes against the grain of 'normal' programming.
Here are some basic resources:
http://www.w3schools.com/ado/default.asphttp://www.able-consulting.com/ADO_Conn.htmhttp://www.devguru.com/Technologies/ado/quickref/ado_intro.htmlI hope this will get you started in the right direction.
Regards
David