Hello

I have written a reasonably complex DB search engine and I now want to add some login facility. This is something I haven't done or looked at before, so I would like some advice. I am not asking how to do these things (not yet anyway), rather am I looking at it in the right way...

Here is a rough plan of what I might do:

When login page is submitted, query a DB and either deny entry or load page with items depending on user-specific permisissions (set in the DB).

Add username to session variable.

Use FSO to create a log file of all subsequent search queries, either separate log file for each user (named username.log or something) or one big file.

Is that the way to go, or are there any other things I should be doing? Any input would be appreciated.

Thanks