tag. Assuming our tag looked as follows we would add the following code to the Init() function: function Init() { ... var time = new Date().getTime(); // get current time document.cookie = "time=" + time; // plant the cookie document.searchform.time.value = time; // insert time in a hidden field ... } Somewhere between our

tag and our

tag we would add a hidden field as follows. The nature of submitting a form automatically puts the values of all fields (hidden or not) into a query string and appends that query string at the end of the URL that it submits to.

... ...

The search engine can be written in a variety of languages. Two popular ones are php and perl. Here are the php and perl codes that should be added to the appropriate search engine. First the php code if ($_COOKIE['time'] == "" || $_COOKIE['time'] != $_GET['time']) { exit; } Note that we explicitly test for the lack of a cookie. We do that because a foreign site’s search form could simply not transmit a query and if our site never set a cookie it would look as though the cookie and query string matched (they are both blank). And now the perl code # Check for time cookie $cookieTime = "0"; $rcvd_cookies = $ENV{"HTTP_COOKIE"}; @cookies = split /;/, $rcvd_cookies; foreach $cookie (@cookies) { ($name, $value) = split(/=/, $cookie); if ($name eq "time") { $cookieTime = $value; } } # Check for time query string parameter $queryTime = "0"; @pairs = split(/&/,$ENV{'QUERY_STRING'}); foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); if ($name eq "time") { $queryTime = $value; } } # Exit if the time cookie doesn't match the time query parameter if ($cookieTime eq "" || $cookieTime ne $queryTime) { exit; } The search engine can even be written in javascript and executed on the browser instead of the server. In that case the code to add is // Check for time cookie var cookieTime = "0"; var cookies = String(document.cookie).split(";"); for (var index = 0; index < cookies.length; index++) { var parts = cookies[index].split("="); if (parts[0] == "time") { cookieTime = parts[1]; } } // Check for time query string parameter var queryTime = "0"; var query = String(document.location).split("?")[1]; var arguments = query.split("&"); for (var index = 0; index < arguments.length; index++) { var parts = arguments[index].split("="); if (parts[0] == "time") { queryTime = parts[1]; } } // Exit if the time cookie doesn't match the time query parameter if (cookieTime == "0" || cookieTime != queryTime) { return; } In the above code, the search engine simply exits and does nothing when the time cookie and time query parameter don't match. As mentioned earlier, a better solution is to redirect the user to our real search form. The simplest way to redirect the user is to have the search engine return the following webpage to him instead of giving him the results of his search.