on the confirm page, the store order summary behavior is set to use the UserID session variable.
it should be using the SecurityAssist_UserID session variable instead.
your login page is still quire a bit of a mess. you have unneeded instances of the authenticate user server behavior and there is also an instance of the Dreamweaver Login user behavior.