First of all, you haven't really specified what your URLs look like here...
PHP's $_REQUEST[] superglobal applies to both GETs and POSTs so it's hard to tell exactly what we're dealing with (although since the URL is bookmark-able, it's probably GET).
Assuming this,
As Donk suggested, using a database to store the unique query string identifier would definitely be the easiest solution here.
If you don't have an extra DB table to spare, you'll probably have to resort to a little bit of raw ingenuity. Although cookies and sessions would work in theory, neither are secure or practical enough for this scenario.
My best suggestion would be formatting the 'Thank You' page url as such:
Code:
unique unix time
key (10 digits)
http://yoursite.com/thank-you.php?cbreceipt=1234abcd_1244577730
This way, the URL your customers are visiting actually contains the time it was created, but they won't even realize it (this way it can't be manipulated like a cookie could be).
When you perform your time check, you could just do something like this:
PHP Code:
<?php
$receipt = $_GET['cbreceipt'];
$parts = explode('_', $receipt);
$rcpt = $parts[0] // <-- $rcpt is from original script
$created = $parts[1] // <-- time the link receipt was created
?>
Then you could just take the '$created' value and compare it to the current 'time()' value, just as Donk suggested.