I have a popup window (required by the client) containing a form and would
like to prevent users from accessing it directly. They are instead required
to access the page via a hyperlink on another page. HTTP_REFERER, while not
completely reliable, would serve the purpose except for another problem. The
hyperlink points to a JavaScript function which opens the popup. This yields
HTTP_REFERER worthless. My other thought was to create a session_id and pass
it to the popup. However this session_id would not be valid in the new popup
window.
Bottom line, I need to validate the user to insure they are accessing the
page through the "front door".
All comments/suggestion appreciated.
Thanks.