-
ASP password/login
Hello
I have written a reasonably complex DB search engine and I now want to add some login facility. This is something I haven't done or looked at before, so I would like some advice. I am not asking how to do these things (not yet anyway:)), rather am I looking at it in the right way...
Here is a rough plan of what I might do:
When login page is submitted, query a DB and either deny entry or load page with items depending on user-specific permissions (set in the DB).
Add username to session variable.
Use FSO to create a log file of all subsequent search queries, either separate log file for each user (named username.log or something) or one big file.
Is that the way to go, or are there any other things I should be doing? Any input would be appreciated.
Thanks
-
What you will want to do is query the database with the username and password (make sure you are not returning the correct password to the page in case an error occurs and will then possibly display it). If you find a match, then they are in and you can session the username if you want, maybe an id would be better. Also, if there are going to be different levels of security, you can session a variable for the security that you can check on each page to see if the user has appropriate rights to access the page. On my site, I do this with an include file and register every page in another table with the security level needed to access the page. As for the log file, I don't know if that is the way to go, or if you would be better off just logging this in a table. I would go with the table, because it will be easier to retrieve and generate user statistics, if that is what you are going to use this for. However, if you are going to use a log file, I would use a separate file for each user, otherwise you might have problems with locking of the file while in use by different users.
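The design described in the answer above, as an added example that is not part of the original thread: a login lookup that puts only an id and security level in the session, a page registry checked on every request, and search logging to a table. Python with an in-memory SQLite database stands in for the ASP pages and the site's database; the table and column names, the sample users and pages, and the salted PBKDF2 password storage are all assumptions.

```python
import hashlib, hmac, os, sqlite3

def hash_pw(password, salt):
    # Assumption: passwords are stored as salted PBKDF2 hashes, not plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the site's database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                           salt BLOB, pw_hash BLOB, level INTEGER);
        CREATE TABLE pages(path TEXT PRIMARY KEY, min_level INTEGER);
        CREATE TABLE search_log(user_id INTEGER, query TEXT,
                                at TEXT DEFAULT CURRENT_TIMESTAMP);
    """)
    for name, pw, level in [("alice", "correct horse", 2), ("bob", "hunter2", 1)]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users(username, salt, pw_hash, level) VALUES (?,?,?,?)",
                   (name, salt, hash_pw(pw, salt), level))
    db.executemany("INSERT INTO pages VALUES (?,?)",
                   [("/search.asp", 1), ("/admin.asp", 2)])
    return db

def login(db, username, password):
    # Parameterized lookup; the stored credential never leaves this function.
    row = db.execute("SELECT id, salt, pw_hash, level FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    uid, salt, pw_hash, level = row
    if not hmac.compare_digest(hash_pw(password, salt), pw_hash):
        return None
    return {"user_id": uid, "level": level}  # the only values placed in the session

def can_access(db, session, path):
    # The per-page check an include file would run; unregistered pages are denied.
    row = db.execute("SELECT min_level FROM pages WHERE path = ?", (path,)).fetchone()
    return bool(session) and row is not None and session["level"] >= row[0]

def log_search(db, session, query):
    # Logging to a table avoids file locking and makes per-user statistics one query.
    db.execute("INSERT INTO search_log(user_id, query) VALUES (?,?)",
               (session["user_id"], query))

def searches_per_user(db):
    return dict(db.execute("""SELECT u.username, COUNT(*) FROM search_log s
                              JOIN users u ON u.id = s.user_id GROUP BY u.username"""))
```

A failed login returns the same `None` for an unknown user and a wrong password, so the page has nothing credential-related to display if an error occurs.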