OK so now i'm going to complicate things for you. I tried to use the download page as a simple analogy. The page actually contains a form that customers fill in that inserts a record into a database. So when the customer pays for the service they are redirected to this form page to fill in. But I don't want people going to this page directly. Could i use the session ID you mention in security assist ie check if the session ID exists if it does grant access if it doesn't go back to the start.