diff --git a/control.php b/control.php
index 851504d..dad49b5 100644
--- a/control.php
+++ b/control.php
@@ -13,32 +13,41 @@
  *
  * @version $Id$
  * @Copyright (c) 1999-2002 The Owl Project Team
- * @author michael
+ * @author <a href="mailto:michael@jamwarehouse.com>Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
  * @package dms
  */
 
 // main library routines and defaults
 require_once("./config/dmsDefaults.php");
-require_once("./lib/owl.lib.php");
-require_once("./config/html.php");
-require_once("./lib/control.inc");
-require_once("./lib/Session.inc");
-require_once("./lib/SiteMap.inc");
+require_once("$default->owl_fs_root/lib/owl.lib.php");
+require_once("$default->owl_fs_root/config/html.php");
+require_once("$default->owl_fs_root/lib/control.inc");
+require_once("$default->owl_fs_root/lib/Session.inc");
+require_once("$default->owl_fs_root/lib/SiteMap.inc");
 
 // -------------------------------
 // page start
 // -------------------------------
 
-if (!checkSession()) {
-    // no session, redirect to login
-    $action = "LOGIN_FORM";
-    // redirect to login page with redirect
-    $originalRequest = urlencode($_SERVER[REQUEST_URI]);// . $_SERVER[QUERY_STRING];
-} else {
-    // retrieve session array
-    $sessionStatus = $_SESSION["sessionStatus"];
+// check the session
+checkSession();
+
+// loop through array of post params and build query string, omitting action
+$queryParams = "";
+foreach ($_POST as $key => $value) {
+    //echo "key=$key; value=$value<br>";
+    if ($key != "action") {
+        if (strlen($queryParams) > 0) {
+            $queryParams = "?$key=$value";
+        } else {
+            $queryParams = $queryParams . "&$key=$value";
+        }
+    }   
 }
 
+// reset authorisation flag before checking access
+$_SESSION["authorised"] = false;
+
 // check whether this group has access to the requested page
 $page = $default->siteMap->getPage($action, $_SESSION["groupID"]);
 
@@ -46,20 +55,20 @@ if (!$page) {
     // this group doesn't have permission to access the page
     // or there is no page mapping for the requested action
     
-    // TODO: build no permission page
-    print "you do not have access to view this page!  please go away, and come back when you do.";
+    // FIXME: redirect to no permission page
+    print "you do not have access to view this page!  please go away, and come back when you do.<br>";
+    echo generateLink("LOGOUT") . "logout</a>";    
+
     exit;
 } else {
-    // set authorised flag
-    $sessionStatus["authorised"] = true;
+    // set authorised flag and redirect
+    $_SESSION["authorised"] = true;
     
-    //echo "about to redirect to $page<br>";
+    // if we have additional params to add do it
+    if (strlen($queryParams) > 0) {
+        $page = $page . "&$queryParams";
+    }
+
     redirect($page);
-    // FIXME: append original request if necessary
-    //if (isset($originalRequest)) {
-        //redirect($page . "?fRedirect=$originalRequest");
-    //} else {
-        //redirect($page);        
-    //}
 }
 ?>