Originally Posted by tangoforce
Well considering the next user would need to know the previous users password, I think its a no-go to be honest. You could also put the users ID number in the form (or a hashed version of it at least / random value) so that you can compare the session data to make sure it belongs to the right user should another login with the same session id.
As per Debbies request, you can save the entire $_GET and $_POST arrays in the session (along with the $_SERVER so you know the original url), do your login and then check / use them as you originally would have done. This is a method I've used for a few years with minimal hassle as I also had the same problem with my site (i have a session time out / password confirmation thing which needed to remember input and act on it after the login page).
I got it figured it out.
Before reading Tango's post, I stored the "Subject" and "Body" of the User's Session variable, and then after they log in and are re-directed back to the "Send PM" form, I use those Session variables to populate my Form.
(The tricky part way figuring out the sequence of what to do when - as is almost always the case with coding!!)
Seems to be working well, and I agree with Tango that this solution is secure enough for now.
I'm sure I'll find better and safer ways to re-do my entire website with v3.0...