>This is an e-commerce site which has up until PCI compliance issues has captured CC information for processing. Now we must no longer process the cards ourselves, nor can we collect the card number expiration date or CCV. We will be using a third party website to handle all of those details. We are posting to a webpage on the other site passing necessary variables such as name address etc. After the other website (URL) completes it process it posts back to a page we designate. when the postback occurs we are in a different session and the current user is NOT logged on.
>
>I have found a solution however.
>

>if membership.validate(<<username>>,<<password>>) then
>  formsauthentication.RedirectFromLoginPage(<<username>>,True)
>end if
>

>
>The user is logged in and we can now update order status, clear out the shopping cart which is maintained in the profile.
>

Glad you got it working but it really shouldn't be necessary. The only reason I can think of that would make this happen is if you're returning them to a different domain than where they started (just navigating away from you domain and back shouldn't lose the session). So if they started out on www.yourdomain.com and you redirected them back to yourdomain.com (without the "www." part), that'd be considered a new site (so you wouldn't have a session anymore).