Or, here's another thought...go ahead and set a var on the TOS page, pass it through and check for its existence..if it doesn't exist, throw them to the TOS page *then* let them get to the application....or something like that. :o) Judith Joshua OIson put into words: >Hmmm, or maybe just forget checking referrer at all. On the TOS page, just >encrypt the date, send it in the URL or via a form field, then decrypt it on >the next page. If the date is okay and is today, then you know where they >came from, otherwise redirect them back to the TOS page. If you just use >the referrer, some people may NEVER get through. Judith Taylor ICQ: 67460562 Freelance ColdFusion Developer - Athens, OH Friends don't let friends code before coffee.