I want to protect a page from a user just typing in the URL. Most say to use HTTP_REFERER, but that is not an option. Others say use a session.<BR><BR>How do I use a session in this case?<BR>A user is redirected to my site from a membership verification site. When they get to my page, I know they have been verified and paid their money. <BR><BR>So, how do I use a session in this case? An unpaid user could type in the URL to this verified page and be "marked" as paid. I can't do what some say which is set a session for when a user is logged and then check that at each page to confirm the user is logged in. The users just come directly to this page from an outside source.<BR><BR>Any ideas??