I'm having problems with a login page that I created from a tutorial in Dreamweaver MX Magic (good instructions, but I'm doing something extra which is causing the problem). Rather than using Dreamweaver's Log User In server behavior, it uses a Recordset on a 2nd .asp page. It also creates a session variable.

I'd like to be able to track individual users' usage of the various pages on the site, as well as their input from several forms. I thought that the easiest way to do this would be to have each page update a record in a table on the database. I've built an Access database with related tables for this.

The only problem is that it doesn't work. I thought that the session variable would help me keep the records together. The form data that is posted to the database is separate from the user who has logged in and the update record doesn't update the record.

What am I doing wrong?

Here's the code from the page the login information goes to:


<pre id=code><font face=courier size=2 id=code> </font id=code></pre id=code> <pre id=code><font face=courier size=2 id=code>&lt;%
Dim rsLogin__varUsername
rsLogin__varUsername = "0"
If (Request.Form("tfUsername" &lt;&gt; "" Then
rsLogin__varUsername = Request.Form("tfUsername"
End If
%&gt;
&lt;%
Dim rsLogin__varPassword
rsLogin__varPassword = "0"
If (Request.Form("tfPassword" &lt;&gt; "" Then
rsLogin__varPassword = Request.Form("tfPassword"
End If
%&gt;
&lt;%
Dim rsLogin
Dim rsLogin_numRows

Set rsLogin = Server.CreateObject("ADODB.Recordset"
rsLogin.ActiveConnection = MM_connUsername_STRING
rsLogin.Source = "SELECT Username, Password FROM Users WHERE Password = '" + Replace(rsLogin__varPassword, "'", "''" + "' AND Username = '" + Replace(rsLogin__varUsername, "'", "''" + "'"
rsLogin.CursorType = 0
rsLogin.CursorLocation = 2
rsLogin.LockType = 1
rsLogin.Open()

rsLogin_numRows = 0
%&gt;

&lt;% If Not rsLogin.EOF Or Not rsLogin.BOF Then %&gt;
&lt;% Session("MM_Username"=Request("tfUsername"%&gt;
&lt;%Response.Write(Session.SessionID)%&gt;
&lt;p align="center" class="nodecoration"&gt;You have been successfully logged on. &lt;a href="menu.asp"&gt;Click
here to continue.&lt;/a&gt;&lt;/p&gt;
&lt;% End If ' end Not rsLogin.EOF Or NOT rsLogin.BOF %&gt;
&lt;/blockquote&gt;
&lt;blockquote&gt;
&lt;% If rsLogin.EOF And rsLogin.BOF Then %&gt;
&lt;p align="left" class="nodecoration"&gt;Your username or password
is not valid. &lt;a href="login.asp"&gt;Click here to try again.&lt;/a&gt;&lt;/p&gt;
&lt;% End If ' end rsLogin.EOF And rsLogin.BOF %&gt;

Here's the code for the page that I'm trying to track usage of:

' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="0,5"
MM_authFailedURL="login_failed.asp"
MM_grantAccess=false
If Session("MM_Username" &lt;&gt; "" Then
If (false Or CStr(Session("MM_UserAuthorization")="" Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization")&gt;=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?" &gt;= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL"
if (Len(Request.QueryString()) &gt; 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%&gt;
&lt;!--#include file="Connections/connUsername.asp" --&gt;
&lt;%
' *** Edit Operations: declare variables

Dim MM_editAction
Dim MM_abortEdit
Dim MM_editQuery
Dim MM_editCmd

Dim MM_editConnection
Dim MM_editTable
Dim MM_editRedirectUrl
Dim MM_editColumn
Dim MM_recordId

Dim MM_fieldsStr
Dim MM_columnsStr
Dim MM_fields
Dim MM_columns
Dim MM_typeArray
Dim MM_formVal
Dim MM_delim
Dim MM_altVal
Dim MM_emptyVal
Dim MM_i

MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME")
If (Request.QueryString &lt;&gt; "" Then
MM_editAction = MM_editAction & "?" & Request.QueryString
End If

' boolean to abort record edit
MM_abortEdit = false

' query string to execute
MM_editQuery = ""
%&gt;
&lt;%
' *** Update Record: set variables

If (CStr(Request("MM_update") = "form1" And CStr(Request("MM_recordId") &lt;&gt; "" Then

MM_editConnection = MM_connUsername_STRING
MM_editTable = "Users"
MM_editColumn = "UserID"
MM_recordId = "" + Request.Form("MM_recordId" + ""
MM_editRedirectUrl = ""
MM_fieldsStr = "access|value"
MM_columnsStr = "security|none,none,NULL"

' create the MM_fields and MM_columns arrays
MM_fields = Split(MM_fieldsStr, "|"
MM_columns = Split(MM_columnsStr, "|"

' set the form values
For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
MM_fields(MM_i+1) = CStr(Request.Form(MM_fields(MM_i)))
Next

' append the query string to the redirect URL
If (MM_editRedirectUrl &lt;&gt; "" And Request.QueryString &lt;&gt; "" Then
If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0 And Request.QueryString &lt;&gt; "" Then
MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
Else
MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
End If
End If

End If
%&gt;
&lt;%
' *** Update Record: construct a sql update statement and execute it

If (CStr(Request("MM_update") &lt;&gt; "" And CStr(Request("MM_recordId") &lt;&gt; "" Then

' create the sql update statement
MM_editQuery = "update " & MM_editTable & " set "
For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
MM_formVal = MM_fields(MM_i+1)
MM_typeArray = Split(MM_columns(MM_i+1),","
MM_delim = MM_typeArray(0)
If (MM_delim = "none" Then MM_delim = ""
MM_altVal = MM_typeArray(1)
If (MM_altVal = "none" Then MM_altVal = ""
MM_emptyVal = MM_typeArray(2)
If (MM_emptyVal = "none" Then MM_emptyVal = ""
If (MM_formVal = "" Then
MM_formVal = MM_emptyVal
Else
If (MM_altVal &lt;&gt; "" Then
MM_formVal = MM_altVal
ElseIf (MM_delim = "'" Then ' escape quotes
MM_formVal = "'" & Replace(MM_formVal,"'","''" & "'"
Else
MM_formVal = MM_delim + MM_formVal + MM_delim
End If
End If
If (MM_i &lt;&gt; LBound(MM_fields)) Then
MM_editQuery = MM_editQuery & ","
End If
MM_editQuery = MM_editQuery & MM_columns(MM_i) & " = " & MM_formVal
Next
MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = " & MM_recordId

If (Not MM_abortEdit) Then
' execute the update
Set MM_editCmd = Server.CreateObject("ADODB.Command"
MM_editCmd.ActiveConnection = MM_editConnection
MM_editCmd.CommandText = MM_editQuery
MM_editCmd.Execute
MM_editCmd.ActiveConnection.Close

If (MM_editRedirectUrl &lt;&gt; "" Then
Response.Redirect(MM_editRedirectUrl)
End If
End If

End If
%&gt;
&lt;%
Dim Recordset1__MMColParam
Recordset1__MMColParam = "1"
If (Session("UserID" &lt;&gt; "" Then
Recordset1__MMColParam = Session("UserID"
End If
%&gt;
&lt;%
Dim Recordset1
Dim Recordset1_numRows

Set Recordset1 = Server.CreateObject("ADODB.Recordset"
Recordset1.ActiveConnection = MM_connUsername_STRING
Recordset1.Source = "SELECT * FROM Users WHERE UserID = " + Replace(Recordset1__MMColParam, "'", "''" + ""
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 1
Recordset1.Open() </font id=code></pre id=code>