i'm building an app that requires me to connect to another server in the company to do employee authentication. one connects to that site, passing a return URL. it verifies the employee, sets a cookie, and redirects to the URL you gave it. so, in a document i want to protect, say, ChangePerson.dtml, i've got something like: <dtml-if "REQUEST.cookies.has_key( 'attESSec' )"> ...regular actions for the page... <dtml-call "RESPONSE.expireCookie( 'attESSec' )"> <dtml-else> Missing attESSec cookie! <dtml-call "RESPONSE.redirect( 'http://othersite/cgi-bin/authenticate?retURL=http://mysite:8080/ChangePerson...' )"> </dtml-if> note that the URL i redirect to expects two parameters, retURL says where to return, and sysName is an application name given when i registered to use their services. so far, so good. the problem is, my document expects to be called with some parameters passed, like: <a href=ChangePerson?hrid=1234567&name=garry>Change</a> now, i can't encode these parameters in the retURL i pass the other site, as i get a "malformed syntax" error. so, my question is, how do i make this information available to my script on the return? do i set a variable in the container? set a cookie? or is there some better way? to broaden a bit, how does one pass information around in general? so far, i see several methods, for calling: External Method: piece of cake. real live arglists, like god intended. DMTL Doc from form: form variables, mixing hidden vars in for other stuff. HTML links: cgi-style syntax, leads to ugly URLs. is this the right way to do things, or am i missing something? -- Garry Hodgson Every night garry@sage.att.com a child is born Software Innovation Services is a Holy Night. AT&T Labs - Sophia Lyon Fahs