>>This is an e-commerce site which has up until PCI compliance issues has captured CC information for processing. Now we must no longer process the cards ourselves, nor can we collect the card number expiration date or CCV. We will be using a third party website to handle all of those details. We are posting to a webpage on the other site passing necessary variables such as name address etc. After the other website (URL) completes it process it posts back to a page we designate. when the postback occurs we are in a different session and the current user is NOT logged on.
>>
>>I have found a solution however.
>>

>>if membership.validate(<<username>>,<<password>>) then
>>  formsauthentication.RedirectFromLoginPage(<<username>>,True)
>>end if
>>

>>
>>The user is logged in and we can now update order status, clear out the shopping cart which is maintained in the profile.
>>
>
>Glad you got it working but it really shouldn't be necessary. The only reason I can think of that would make this happen is if you're returning them to a different domain than where they started (just navigating away from you domain and back shouldn't lose the session). So if they started out on www.yourdomain.com and you redirected them back to yourdomain.com (without the "www." part), that'd be considered a new site (so you wouldn't have a session anymore).

Hi Paul,

Thanks for your support of this "silly" question. You are absolutely correct. Only during testing from a local workstation which has not got a public address is the re-login necessary. The third party CC processor will return to the public URL and of course it is a new session. As you pointed out when returning to the same domain the session remains intact.

Thanks.