Title is confusing, I understand. Here's what's happening: my user has a view on their cart where they can review which items they are buying. On that view, they can click a button that says "Go to payment methods" and open another view where they can insert their data.
However, I do not want that payment page to be accessible from the URL. The user should only get there by using that button, and not in any other way.
I've tried using sessions but the basic knowledge I have is probably not enough. This is a cardinal part for security (my project isn't really going live, it's for uni), and I wanted to know if there was a standarized better way that I'm not aware of.