First off you shouldn't have to worry about spiders. How can they get to your subscriber content if they can't login. (Plus the way I recommend to grab that data is not affect by referers.) Second, I'm not sure what you mean by "QueryString and all" since you mention they will be getting to the login page by clicking a link on the page. Also how big will your querystring be? There are a few ways to tackle this: One is to generate a login page when someone attempts to access "member only" content via a function call. This allows you to deal with the login "from within the called page" and gives you IMHO more flexibility than the redirect (option two) since you don't have to pass session variables or querystrings around. Two is to redirect to a login script, but if you want to "get back" you need to pass enough informaiton to the login script to help it redirect back to the "calling" page. You can stuff this information into a Session Object for later retrieval using the Request.ServerVariables("SCRIPT_NAME") and Request.ServerVariables("QUERY_STRING") [which is my preferred method if I can't do option one] or by stuffing this information into a QueryString and handing it off to the login script. Three is stuff all the information into a form and post to the login script. This is a little cleaner from a URL perspective but still not as clean as option one, IMHO. HTH --- Anthony Baratta President Keyboard Jockeys "Conformity is the refuge of the unimaginative."