so your first script does it's thing and then at the end it posts itself to the other company's script. what's wrong with that? -----Original Message----- From: Darren [mailto:Darren at web-bitch.co.uk] Sent: Tuesday, August 14, 2001 10:28 AM To: David at softv.net Subject: Re: [thelist] ASP posting form data On 14 August 2001 at 15:20:36, David at softv.net <David at softv.net> wrote: Dsn> Why use a session variable? Just tack the xml string on to the Dsn> redirect as a querystring Dsn> Response.Redirect("otherpage.asp?xmlstring=blah") ...and... On 14 August 2001 at 15:18:04, Tab Alleman <Tab.Alleman at RealMetros.com> wrote: TA> Would this be preferable to putting it into a hidden form variable and TA> posting it to the new page for some reason? unfortunately the first script needs to do its thing on the form data to generate the xml-based string. we don't really want to pass it through the querystring as the data could be quite sensitive and let malicious users get access to data they shouldn't be seeing. this will largely be taken care of through the processing of the results, but there's no point in leaving them something to play with. hth, darren. --------------------------------------- For unsubscribe and other options, including the Tip Harvester and archive of TheList go to: http://lists.evolt.org Workers of the Web, evolt !