In my login page, when the password is wrong,
there is
response.redirect "login.asp"

But the loginname too is blanked out and the page is displayed again.

I have a session variable for the login name but i am not sure how to pass this on so that only the password is blanked out on redirecting.

Any help would be appreciated.
Thanks.

I'm assuming you are passing the values from the Form on submit back to your login page for processing AND using method=post. (You could also have it the submit action access another page, but keeping all your login code on one page is probably the best way to do it).

You will need to do something like this for your <INPUT> tag:


<%If Len(Request.Form("txtName")) > 0 Then%>
<INPUT type=Text name=txtName value=<%=Request.Form("txtName")%>>
<%Else%>
<INPUT type=Text name=txtName>
<%End If%>



When the form data is submitted back to the page, it will display the name that was there before.

If you are using a second page to handle the password checking, you can use a querystring to pass the name to the login page:


<%
Response.Redirect "Login.asp?" & Request.Form("txtName")
%>

'Then on your login page do this:

<%If Len(Request.Querystring("txtName")) > 0 Then%>
<INPUT type=Text name=txtName value=<%=Request.Querystring("txtName")%>>
<%Else%>
<INPUT type=Text name=txtName>
<%End If%>




Hope this helps

well, as far as I can see it, you can use:
if you are using the form ..

<INPUT type=Text name=txtName value=<%=Request("txtName")%>>

if there is no "txtName" anywhere, it will just stay blank (no need for those if statements).

if you have the session variable set up correctly then you can do:
<INPUT type=Text name=txtName value=<%=session ("USERNAME")%>>

I'm not sure how many people you are expecting to use this page but you should make sure you are clearing the sessions after each one is no longer needed. If not your server will leak memory very fast.

There is actually no need to use the session object if the login failed. Only populate the name into the session object if the login was successful. But, that is a valid point. a Session.Abandon at the top wouldn't hurt.