Provided herein are system, method and/or computer program product embodiments, and/or combinations and sub-combinations thereof for controlling access to a website. In some embodiments, a user scans a machine-readable indicia with their mobile device to access a backend redirect page. The backend redirect page receives the access request, generates a unique session identifier, and configures a dynamic address based on the unique session identifier. The backend redirect page redirects the mobile device to an intake page of a website using the dynamic address for that page. Whenever the user attempts to load a page in the website using the corresponding dynamic address, an intake backend for frontend verifies the validity of the unique session identifier associated with the dynamic address. A session monitor tracks the amount of time since the unique session identifier was generated and invalidates the unique session identifier after a predetermined amount of time has passed.