Still this won't pass the session to the next page.... is there a way to pass parameters in the url but mask them? maybe that would be easier, since I do have code that works passing the adminID on the url ... can a parameter be hashed after the fact? I tried echo-ing the fields on the next page and they are not passing... my code that still doesn't work: <?php // start session session_start(); include("inc/dbconn_open.php") ; $errs = error_reporting ('E_ALL'); if (isset($_POST['UserName'])) {$UserName = $_POST['UserName'];} else {$UserName = '';} if (isset($_POST['Password'])) {$Password = $_POST['Password'];} else {$Password = '';} $msg = ''; if (!empty($UserName)) { $sql = "SELECT * FROM admin WHERE UserName ='$UserName' and Password ='$Password' " or die(mysql_error()); $result = mysql_query ($sql); $row = mysql_fetch_object ($result); If (mysql_num_rows($result) > 0) { $_SESSION['AdminLogin'] = $row['AdminID']; header ("Location: Main.php"); } else { $msg = "Invalid Login"; } } ?>