I've noticed if you don't end a script after a header() call the script will still attempt to run... maybe a double header()?

header('location: first site to drop the cookie');
header('location: second site to send the visitor');
die(); # and end the script right here

Two Location: headers? Is that even legal?

I tried two headers, and it looks like it skips the first header call, and just goes right to the next header location.

Any other ideas?

The affeliate page is the one that has to do the second redirect. So unless they offer that funcionality there is no way that I know of doing it.

well maybe, man I have no idea if this will work but...

open a socket or use curl and hit the first page then send them to the deep page, you can dump the return page you get back, just use output buffering or something and clear the buffer then use header and send your visitor to the actual page.

this really might not work well and I can see there being a few, um, intricacies involved. You should test something like this on a site you control so you can look at logs and whether it tracks properly.

another thing might be if there is no link to this deep page from the main page then it could look suspect. You don't want to get booted out of any aff programs.

I tried two headers, and it looks like it skips the first header call, and just goes right to the next header location.

Which of the headers that is actually used is undefined. In other words it depends on the browser and is subject to change.