I need to pass users from a PHP/apache message board to an IIS site that has some level of security. Right now I have it set up that the click on a link in the php/message board. The asp site gets the serverVariable http_referer to see if they came from the proper URL.<BR><BR>However, for some of my users this doesn't work. The serverVariable for http_referer is blank. For others it works fine.<BR><BR>Any ideas? Also I know http_refer isn't that secure. Is there an alternative way to ensure that they are coming to the ASP site from the PHP site?<BR><BR>thanks!