Session is the best ans for you question... you can have a look at
http://www.asp101.com they have explain how to do the same...

for your experiment I can explain you as below:

When you authenticate the user from 1st stage and if user is correct then
you can display him welcome message of thro.. him direct to the page
wherever you want too. With the same time you have activate user session by
storing his userID and password then you can check each and every page
session is activated or not. if session is not activated its means user is
coming from the wrong side else its correct. Regarding the time limit you
can specify the session expiry time in global.asa or you can do the same in
IIS. To now more about the same you can consult your web administrator or
vist to microsoft.com.

Hope this will help you.
Thanks.

----- Original Message -----
From: "caryn" <aihuey99@y...>
To: "Security_asp" <security_asp@p...>
Sent: Wednesday, October 03, 2001 6:32 AM
Subject: [security_asp] How to check if the cookies has expired?


> I want to limit the below 2 conditions:-
> 1) User who are not logon, incorrect username and pw
> 2) User who are idle for 30 min
> the unathorised user are unable to access to all the pages
> under a folder says /web....while there are >100 pages of
> asp file under /web folder....
> how do i protect all the >100 asp files from accessing by
> the 2 categories user mentioned above?
> do i need to check the presence of cookies on top of
> every single page, if not, what is the easier and simple way?
>
> by the way, what is the syntax of checking of the cookies has
> expire?
>