What happens if the 5 users are on a different PC or delete the cookie? What
if someone else uses their PC to access the site?

A login is a better choice.

Bob Lehmann

"MDW" <anonymous@discussions.microsoft.com> wrote in message
news:E81C2D90-F605-4EFF-8F54-F73B3ACB5544@microsoft.com...
> This is probably the dumbest question I've ever posted, but I'm honestly
confused here.
>
> I've heard/read a lot of things about cookies in various books and NGs.
Among them -
> 1. You can't set a cookie anytime after the <html> tag is sent to the
client
> 2. You need to set Response.Buffer=True to set a cookie
>
> Is that true, or not?
>
> I know that to set a cookie, you use Response.Cookies("CookieName") =
SomeValue and to read the cookie, you use somevalue =
Request.Cookies("CookieName")
>
> Is there more to it than that?
>
> I'm trying to create some "convenience" factors to a site I'm building.
For instance, there is a section of the site that is off limits to most
people - out of 600 + users, only about 5 of us can access it. Rather than
stuff that behind a login process, what I want to do is test for the
presence of a cookie, and if it is not there (or has the wrong value),
redirect the users away from that page. I'd create a seperate page that sets
the cookie to the designated value, and take it offline after everyone has
viewed it (and had their cookies set).
>
> Is that a disasterous security situation, or could it be feasible assuming
that all the users in my universe can accept cookies?