i need some advice.. I am doing a login function, which the login page (which contains session) was in aspx. After successfully login, the user will be redirected to a html page (which i want to retrieve session from the login page). After the session expires, the user will be prompt to login again. After successful login, he will be redirected back to the page where he was in just now.

I tried google it, but i can't find any matching ideas...

Can kind souls help me with it?

thank you

You can do what you are asking for as long as you don't use the .html extension. It is possible to retrieve session values at the clientside, but in this case you are creating a login facility and I do not recommend using clientscript for that.

You can put whatever you decide into a session variable and use that from any page you decide using the .asp extension.

However, after a successful login has been done, you can use some unique value from a database and put that or these into session variables like this.

If Not RecordSet.EOF Then
 Session("id") = RecordSet("userid")
 memberid = Session("id")
 Session("valid") = True
End If

In the somememberpage.asp or other pages that should be protected you can put in a few lines of code (in the top of the page) to check if the user session is valid or not. If it is not, then just redirect the user to the logon page. A session lives for 20 minutes by default, so if there is activity from the user during that period, the session dies.

If Session("valid") <> True Then
End If

This is a simple example how you can do, and there is other ways to make it more secure if it's needed.

Now, there is a problem to know where the user was before the session died. One way doing that is to store all clicks/and/or last visited links into a database table together with the userid and after a new login, the user redirects to the last visited page.

Create a table with a few fields that can hold memberid, datetime and the last visited page and update that table everytime the user click on a link. You can use server variables to see what pages the user has opened. Request.ServerVariables("URL").