If a user has logged onto an ASP web page and a session("loggon") is set to true. By checking at the start of each page whether this variable is set to true I am assuming is an easy form of page security. Is this correct?
I also tend to store the user ID into a session variable and use this to place the desired dynamic content onto the page for each client.
Sessions are usualy fairly safe. I have heard of people "Hijacking" Sessions by stealing the cookie off of another persons computer. Very tinny threat and as far as I can tell has not happend to anyone using any of my systems.
If you want to go even safer then you would probably use a database as well or NT Accounts and even SSL, it all depends on how secure you want your application to be, how fast your servers are and if it is really neccasary to go to that complexity.