Is there any other way to provide user authentication and then restrict access to subsequent pages other than using session variables or querystrings?<BR><BR>My problem with the those options are:<BR><BR>1. Session variables require cookies - some browsers don't accept cookies<BR>2. Querystrings can be changed by the user and therefore can be circumnavigated<BR><BR>I know this is a novice question - I'm a novice. I really appreciate any advice....<BR><BR>In this same vein, I also am struggling to find out how to allow users to modify record details because I am using querystrings (ie. modifyrecord.asp?recordid=3) to determine the record to be modified (users are only allowed to modify their own posts). However, the user can easily modify other users records simply by changing the querystring (ie. modifyrecord.asp?recordid=4) on the edit page.<BR><BR>Is there another way to single a record out for the update page without using such a visible and easily accessible technique as the querystring?<BR><BR>Once again... a novice's question. I'm just looking to be pointed in the right direction. I'll try to figure it out from there.<BR><BR>Thanks in advance.