<%
dim strlogin
dim strpass

strlogin = request.form("login_form")
strpass = request.form("pass_form")

queryStr2 = "SELECT * FROM T_personne WHERE (login_personne = '"&strlogin&"') AND (Pass_personne = '"&strpass&"')"
set PassRec = Cndb.Execute(queryStr2)

if (PassRec.EOF) Then
Response.Redirect ("refuse.asp")
End If

login = PassRec("Login_personne").value
question = PassRec("Quest_personne").value

%>

Remarque : il faut enlever les quotes ( ' ) dans WHERE, si la variable est numérique.