I am thinking maybe I just need a counter instead... working on it. Open to suggestions. Thanks

This seems to work, but I am just a beginner at this. Any tips/ suggestions?




Partial Class logins_Default
Inherits System.Web.UI.Page





Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click



If txtUser.Text = "user" And txtPassword.Text = "pw" Then
Response.Redirect("somepage.aspx")

Else




lblError.Text = "Incorrect user/pw"

Session("mynumber") = Session("mynumber") + 1
Response.Write(Session("mynumber"))

End If





If Session("mynumber") > 10 Then
lblError.Text = "Too many tries. Try again later."
'lock them out
End If









End Sub

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Page.IsPostBack Then
Session("mynumber") = Session("mynumber") + 1
Else
Session("mynumber") = "1"
End If


End Sub
End Class

In your original code, you always executed the line to create the count field and initialize it to 0. So it never even exceeded 1.

You could create it as "static" and it will retain it's value over postbacks. Additionally you could store the value in ViewState. It is much like your solution with Session except that if the user sits idle for 20 minutes the session will expire and your code would fail again.

Thank you.

I'm not sure why you are doing this , but if its to prevent the automated hacking of web forms it wont work, the software used sets the session cookies as required. You need to persist the data to a database or text file and add a time delay on each failed login.