You should probably not be passing the user id in the url and instead reference it from the Session variable stored when they log in.
That means updating the Recordset on the order history page to filter based on the session variable that you can find the name of from the user authentication server behavior on the login page.