LifeinAsia - 4:51 pm on Sep 20, 2010 (gmt 0)

Normally, I set a cookie with the user's username. All pages in the member's area check for the cookie and redirects to the logon page if not found. One possible method is to set the membership expiration date as the cookie expiration date. (However, if the user cancels the membership, the cookie would still be valid and allow the user to continue to have access.)

As a secondary check, you can query your database using the cookie to verify that the membership has not expired. However, that means an extra hit to the database every time a member's-only page loads. (Depending on your application server, you might be able to cache those queries to cut down on the overhead.) If it's not a lot of pages, the overhead may not be too bad.