Here’s the flow I’ve used for ASP login areas:



STEP 1

There is a login page which I’ll just call default.asp with the form code for ID/Password. The querystring is the place holder for the failed login message to return. Format anyway you like.









Recap simple and easy:

default.asp

validate.asp

main.asp or any other pages in the secure area

logout.asp