On Wed, Mar 19, 2008 at 12:01 PM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
>
> Unique form tokens.
>
> Generate a token when the form is displayed and save that value in the session.
>
> Then on post check it and remove it. Then if they re-submit it will
> not exist therefore be invalid.

I like Eric's method better than the timestamp method I proposed. Much cleaner and easier to institute, and I'd hazard a guess at it being more reliable as well.

-- 
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
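The steps quoted above (generate a token when the form is displayed, save it in the session, check and remove it on post), written out as an added PHP example that is not code from the thread. The function names, the `form_tokens` session key and the cap of 20 outstanding tokens are assumptions.

```php
<?php
// Added example. issue_form_token(), consume_form_token() and the
// 'form_tokens' session key are hypothetical names, not from the thread.

function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32)); // unpredictable 256-bit value
    $session['form_tokens'][$token] = true;
    // Keep only the 20 newest tokens so the session cannot grow without
    // bound (the limit is an assumption).
    $session['form_tokens'] = array_slice($session['form_tokens'], -20, null, true);
    return $token;
}

function consume_form_token(array &$session, $submitted): bool
{
    // Reject missing or non-string input (e.g. token[]=x arrives as an array).
    if (!is_string($submitted) || !isset($session['form_tokens'][$submitted])) {
        return false; // never issued, or already used
    }
    unset($session['form_tokens'][$submitted]); // remove it: one use only
    return true;
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!consume_form_token($_SESSION, $_POST['token'] ?? null)) {
        http_response_code(400);
        exit('This form was already submitted or is no longer valid.');
    }
    // ... handle the submission here; a re-submit of the same POST fails above ...
}

$token = issue_form_token($_SESSION);
?>
<form method="post">
  <input type="hidden" name="token" value="<?= htmlspecialchars($token) ?>">
  <button type="submit">Send</button>
</form>
```

Because the token is removed before the submission is processed, a browser refresh or back-button re-post of the same request is rejected, and each newly rendered form carries its own token.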