Page to be Protected:

<MM:BeginLock translatorClass="MM_SSI" type="ssi_comment" orig="%3C!--#include file=%22notloggedin.asp%22 --%3E" fileRef="notloggedin.asp" depFiles="file:///C|/Documents and Settings/All Users/Documents/nvcc/webdev/webdev12/bill/notloggedin.asp"><% if Not Session("loggedin")="y" Then 
  Response.Redirect("login.html")
End If %><MM:EndLock>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Data Page</title>
</head>
<body>
Hello
</body>
</html>
--------------------------------
Login Form:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Password</title>
</head>
<body>
<form method="post" action="loginaction.asp">
Password <input type="password" name="password">
<input type="submit" value="Login">
</form>
</body>
</html>
--------------------------------
Login Action Page:

<% if Request.Form("password")= "bill" Then 
   Session("loggedin")="y" 
   Response.Redirect("data.asp")
Else Response.Redirect("login.html")
End If %>
--------------------------------
Code to be server-side included at top of pages to be protected:

<% if Not Session("loggedin")="y" Then 
  Response.Redirect("login.html")
End If %>
--------------------------------