session variable not updating in btn click event within modalpopup

breaking my head on this one. I have a simple modalpopup with one textbox and a validate btn with a click event. text entered is validated against db for pin number. if valid a session variable 'ses_locked'  is updated. why am i having trouble with this? Also  i placed this tb and btn in a update panel thinking it would partially update, but it does a full page postback. don't get that. appreciate any advise

here is my code

 <ajaxToolkit:ModalPopupExtender ID="ModalPopupExtenderAuthentication" runat="server"

BehaviorID="modAuthenticate" CancelControlID="btnCancel" OkControlID="dummtok"

TargetControlID="dummyButton" PopupControlID="Panel1" PopupDragHandleControlID="PopupHeader"

Drag="true" BackgroundCssClass="ModalPopupBG">

</ajaxToolkit:ModalPopupExtender>

<asp:Button ID="dummyButton" runat="server" Style="display: none" />

<asp:Panel ID="Panel1" runat="server">

<div class="PopupAuthent">

<div class="PopupHeader" id="PopupHeader">

                AUTHENTICATE
</div>

<div class="PopupBody" style="background-color: red;">

<asp:UpdatePanel runat="server">

<ContentTemplate>

<asp:TextBox ID="tbAuthenticate" SkinID="TermTb" runat="server"></asp:TextBox>

<input id="btnCancel" type="button" value="Cancel" style="display: none" />

<input id="dummtok" type="button" value="Ok" style="display: none" />

<asp:Button ID="btnvalidate" runat="server" Text="Login" OnClick="btnvalidate_Click" />

</ContentTemplate>

</asp:UpdatePanel>

</div></div> 

</asp:Panel>

CODE BEHIND

protected void btnvalidate_Click(object sender, EventArgs e)

        {

string retempl = security.Valid(Convert.ToString(tbAuthenticate.Text));

if (retempl != "Unauthenticated")

            {

// user valid, close modals, clear tb and continue.

// add authenticated user to session for reuse.            

                ModalPopupExtenderAuthentication.Hide();

                Session["ses_locked"] = "1";

                tbAuthenticate.Text ="";

           }

else

             {

// user not valid, keep modal open clear tb and retry. lock rest of screen.

 // set session to invalid

                 Session["ses_locked"] = "0";

                lbUser.Text = retempl;

                tbAuthenticate.Text ="";

                ModalPopupExtenderAuthentication.Show();

            }

// at this point ses_locked i already back to null??? why

         }