Hi damini,When a user logs in with a correct login and password then you can assign him a session (default time 20 minutes). Then, on the top of each of your asp pages you should put an include file called for e.g. validate_user.aspIn that file you will verify if the user that is trying to open any page of your site, has an active session, if it's not the case then your redirect him to the default.asp. Got it?Here is the explanation concerning the session object : http://www.w3schools.com/asp/asp_sessions.aspIn your validate_user.asp file you can put something like :
<%If Len(Trim(session("userID"))) <= 0 Then Response.Redirect ("../default.asp")End If%>