3 Oct 2005, 4:22 p.m.
On Mon, 3 Oct 2005 16:10:10 +0200 Adrian Rossouw <adrian@bryght.com> wrote:
If I load the form twice, does it have a different id each time? How about if two different people load the form?
Every time you submit the form, it will be different on subsequent reloads.
Every person will have a different token, due to the session id being part of it.
However, as the session id is stored on the client, it can be controlled by the spammer. Thus, a spammer could simply use the same session_id to submit the same form with different data. We have to allow multiple submits from the same session_id to handle previews and submits with errors...

-Jeremy
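An added example, not part of the original message and not the project's own code: a Python sketch of a form token that includes the session id and differs on every load, with a server-side record so each token is accepted once while previews and error redisplays receive a fresh one. The class, its method names, the key handling and the single-use record are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-site secret that is never sent to the client.
SERVER_KEY = secrets.token_bytes(32)


class FormTokens:
    """Issues per-render form tokens and remembers which are still unused."""

    def __init__(self, max_outstanding=5):
        self.max_outstanding = max_outstanding  # bounds server state per session
        self.issued = {}  # session_id -> set of unused nonces

    def _mac(self, session_id, form_id, nonce):
        # The session id is part of the MAC input, so a token minted for one
        # session does not verify under another session id.
        msg = "\x00".join((session_id, form_id, nonce)).encode()
        return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id, form_id):
        """Called on every render: first load, preview, redisplay after errors."""
        pending = self.issued.setdefault(session_id, set())
        if len(pending) >= self.max_outstanding:
            return None  # too many unused forms already open for this session
        nonce = secrets.token_hex(16)  # makes the token differ on each load
        pending.add(nonce)
        return nonce + ":" + self._mac(session_id, form_id, nonce)

    def redeem(self, session_id, form_id, token):
        """Accept a token once; the caller then issues a new one for the next page."""
        nonce, _, mac = token.partition(":")
        expected = self._mac(session_id, form_id, nonce)
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False  # forged, or minted for a different session or form
        pending = self.issued.get(session_id, set())
        if nonce not in pending:
            return False  # already used, or never issued by this server
        pending.discard(nonce)
        return True
```

A client that keeps its session id can still request a new form for each submission, so this limits reuse of one token, not the number of posts per session.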