1) you can't prevent users doing such things
2) store everything needed in session variables
What you can/should use:
CSRF tokens[
^]. If you need you can implement even simple links as forms, to have it under control.
If you want to force users to follow a specific path in the application, you can create one-time random cookies with their pair stored in session. This is a technique, not a concrete tool. Every cookie is valuable for the following step only, thus even if the user opens an other window with the same url, only one of them can be used.
But everything depends on what kind of application you are making, for what purpose.