Use the front door, please!
If you require visitors to log in to your site upon each visit, here's a simple way to make sure that they always do so before gaining access to the information on your site. Suppose you require the user to enter their first name into a form on your default.asp page and submit it prior to moving on to main.asp. That's a good start, assuming that your visitors all access your site via the default.asp page. However, unless you take the technique a step further, it would be easy enough to access the content of your site by pointing the browser to a specific page in your site, such as main.asp. You can prevent users from bypassing the default.asp with just a few lines of code.
First, when you process the form data containing the visitor's first name, write the name to a Session variable, as follows: