Good morning:

I am testing protected pages, specifically the protected pages from the registration solution, on a local server (localhost).

The problem is that I am able to access the protected pages directly by typing in the url extension. The protected pages that are live on my others sites do not allow this.

QUESTION:
Is it normal to have access to the protected pages when testing on a localhost?

QUESTION 2:
How can I safely pass a Session or Get variable from one page to another via a url? I don't want users to see and/or change their passed ids.

Thank you,
Jon

1) No it is not normal. They may be missing the page access code that should be preventint that.

2) You should store the information in a session... there is no need to add it to the URL, since it could be editied from there it isn't a safe way.

OK, I thought that wasn't normal . . . too much code changing. ANSWER: I was restarting a session that allowed anyone to access the protected page.

Do I just define the Session variable on the preceeding page to the protected page, or is the variable already defined by one of the WA rules?
PROBLEM SOLVED:
Set a variable to my $_Session and used that in my query.

Thank you for answering Ray! Don't know what I'd do without you and this forum (part of the problem was solved using your response to Kevin's sessions question).
Jon