when the user logs in, your login page is storing the User ID in a session variable named:
SecurityAssist_UserID
dont pass that value in the URL though, use the session on the redirect page instead of using the URL variable.
so on the confirm agree page, you have the recordset filtering the UserID on the URL variable, instead set the recordset to filter using the SecurityAssist_UserID session variable.