Dear all
I have few problems with my login page, everything works nicelly,
a user can login and the site checks if the user exsists in the database and in case he exsist the user will be redirected to the member page. The problem appears in the member page:
- Problem number one:
if someone logs in the first time he can save the member.asp page to the favourites and he will be able to open this page every time he likes. This should not happen , what code should i add to the member page to redirect the user to the login page?

- Problem number two:
The user informations are all in an access file in a separate folder (member). Anyone can download this file if he understand that the file is in the member folder, i don't want that the user will be able to download the acces file, what should i do ??

Thank
Yael

Problem 1:



When a member logs in you should set a session variable (for example a session id code generated from the date + a random number).

e.g.
Session("sessionID") = Day(Date) &_
Month(date) &_
Year(Date) &_
[a function that generates a randome number]

In the header of the members' page, before anything other else, have this code:


If Session("sessionID") = "" then
'// if not logged in then they get sent to login page
response.redirect("your_login_page.asp")

end if

Alternatively, you can set a cookie on the member's pc so that if they're not logged in you can look for a cookie containing their username and password. You can then use this to log them in automatically.

Hope this helps

Thanks for your help