>>Otherwise you could query for a session variable. I used latter approach in my first web application. On site there weren't any htm/asp files other then some plain login, help etc ones. The link had a dll in it. All access was actually a call to a method via the dll. Methods simply check for sessionID first then generate htm and directly inject it back to the response buffer (poor man's site:).
>
>Thanks for your suggestion, I will see what can be done in this regards. The dll you mentioned is available in the market or one has to create it as per requirement, if so, a VFP dll will require runtime files. If you can shed some light on this, I am a newbie in this internet regards.

You can use that approach by having a hidden value that only your VFP app would know about - sort of hidden name/password. Your serverside app would generate a random value, your client app would calculate the response from it and post it. Then the server side app would calculate the same thing and compare the results. If not the same, generate "sorry, no access" message, else display the next page regularly.

How you would calculate that is entirely up to you. It can be a random integer and the calculated value would be bitxor(nNumber, 0xF0F0F0F0) or even something simpler. Or you could do something with strings and sys(2007) (or whatever was the number of the CRC thing).