Most effective method would be with cookies or session ID's.

Umm... are u suggesting that abc.com set a cookie that we read?

and if HTTP_REFERER can be spoofed, then wouldn't that render sessionID as being already spoofed?!

I'm not going to be able to expand on this.

Suggest you post this in either the Apache forum or one of the other Webmaster World forums related to scripts.

You might also try searching the webmaster World archives (via google)for both cookies and session ID's.

Refer's are not a sure fire method, however the aforementioned capabilities would reduce the liklihood of decption, as would header verfication. There are numerous threads at Webmaster World (and across the internet) on these methods.

It's not as "simple" as you'd like, however it may be accomplished.

While referers can be spoofed, its isn't easy or trivial. Its beyond your average webmaster.
Third party webmasters can't look at your code to see if you are checking the referer - this happens within your PHP code (for a LAMP solution) and doesn't show in the output HTML (they could look at the page when they come from different sources and note the change and infer why it happens, of course).

And, no, wilderness doesn't mean abc.com sets a cookie - you can't read 3rd party cookies. On the first page view *your* code notes 'referer = abc.com' and sets a cookie to indicate same throughout the session.

Its possible you are asking too advanced a question for your level - try doing some more reading and experimenting on your own.

Thanks for your response... but I am faaar from a newbie. So much so that we have devised ways of reading cross-domain cookies ;)

Just looking for a canned solution, and hoping to tap into the knowledge pool already available rather than re-inventing the wheel.

You answerered the most key question for me by saying the average webmaster cannot spoof HTTP_REFERER. I am willing to live with a minor amt of abuse.

THANK YOU for your help. Really.
--