Thanks for your comments.
This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?
And the reason for this check is to make sure that the http request is initiatted from the application in sequence by the user. For example, the application should not allow to access the last page without coming thru all the previous pages.
The pop-up window triggered from the application has the http request header "referer" value NULL always. Any comments on this please?
[ December 15, 2005: Message edited by: ashok sashrith ]