The last thing I want to do is over contribute my thoughts and cause annoyance, but what I meant was vBulletin will have a small piece of code (or a function) which is run each time someone loads a page on the forum to see if that user is logged in (validating their tdu-central.com session cookie). If you called the same piece of code/function from your dl page it would verify the user is a forum user and is logged in (as vBulletin does), meaning you would not have to setup your own sessions and database and all that but utilize what the forum is already doing, resulting in perhaps more optimal access control for the dl page(s). Apologies if you already knew thats what I was getting at.