your login page is a mess, there are 4 instances of the authenticate user behavior and there should only be 2.
the last 2 on the page at lines 94 - 130 ar not needed.
the session created by the login is named "SecurityAssist_UserID"
however, in the Store order summary, and all of the other pages, you re using the "UserID" session variable instead. change that to use the "SecurityAssist_UserID" session variable.
store the link path:
in the table table, on the profile page, use the recordset binding for that column in an a tag:
<a href="<?php echo($row_recordsetName['ColumnName']); ?>"><?php echo($row_recordsetName['ColumnName']); ?></a>