Web page security

How can I prevent a logged-in user without a certain privilege to go to a restricted page by manually typing the address? I am presently checking session variables to determine if the user has the right access, and if not, to redirect him to the login page. It used to work, but now it doesn’t, so I’m looking for a better way. I’m using ASP for the web pages.