With Cookie based protection, I want the user to login once,
access to multiple different directories.
Cookie Site Wide Value (CookieSWValue) is the best tool for this.
However if you want different per-directory restrictions the following will apply:
' lookup up the user in the database, ' figure out which directories+URLs he has access to ' for each directory+URL do this: protectedAbsPath = "c:\aspmail\ACookieLogin\example2\members\" protectedDirectory = "/aspmail/ACookieLogin/example2/members/" cookieName = AuthX.CookieLoginCookieName(protectedAbsPath, _ protectedDirectory _ ) cookieValue = AuthX.CookieLoginValue(serverName, _ protectedAbsPath, _ Request.Form("USERNAME"), _ Request.Form("PASSWORD") _ ) response.Cookies(cookieName) = cookieValue response.Cookies(cookieName).Path = protectedDirectoryCookie-based protection must actively set the cookie on the browser for each protected directory via ASP, rather than Basic which passively rejects unauthorized access with a 401 reject message.
With Basic Authentication, the browser automatically caches the username and password for each directory. With cookie-based protection it is necessary to emulate this behaviour.
You may want to have a single login for the entire protected area (/members in this example), and yet discriminate access between each of several sub-directories. For example
/members/secretaries /members/developers /members/managers /members/administrators /members/executives /members/financeIf you are using the AuthentiX internal database, then conditionally set the appropriate cookies (within if/then/else/end if) depending on the USERNAME's groups, using UserGroups. or GroupHasUser..
If you are using an ODBC database, then use ADO and set the appropriate cookies based on the query results for that user.
The directories you set for cookie protection are case sensitive. If you protect "c:\inetpub\wwwroot\membersonly" links to "c:\inetpub\wwwroot\MEMBERSONLY\asecretPage.htm" will take you back to the login page with "Denied_Empty".
Also check out CookieSWValue for an alternative choice for cookie validation.