Hi,
I am securing my webpages that I want no one to access it, I know that I can use the membership and roles given by asp.net to do that but I don't want to use them what I am doing is that I added a login button on the page that all users have access to it and then with this login button you need to add your username and password when you press on this button you got the username and password saved in a session so the page load method of the next page will see those sessions if they are registered in the table it will load the page otherwise it will redirect the user to the previous page..
So first of all is this method secure? can anyone add a whatever username or password such as the usernames and passwords used by hackers to access the page?
and how to chage the session timeout I've found this topic :
http://forums.asp.net/t/1283350.aspx
but I don't know if I must do that on the webhosting server or where?
thanks.