I'm starting to call ASP and .NET web pages from within a classic asp application using Ajax, but I don't know how to make sure users are authorized to call the method.
Will classic asp pages called from client script retain the session variables of the caller?
Should I retrofit the ASP application to do session in the DB and use that value?