--- includes/form.inc.orig	2005-11-06 14:58:50.000000000 -0500
+++ includes/form.inc	2005-11-06 15:01:01.000000000 -0500
@@ -59,7 +59,7 @@
       variable_set('drupal_private_key', mt_rand());
     }
 
-    $form['form_token'] = array('#type' => 'hidden', '#value' => md5($_SERVER['REMOTE_ADDR'] . $form['#token'] . variable_get('drupal_private_key',
+    $form['form_token'] = array('#type' => 'hidden', '#value' => md5(session_id() . $form['#token'] . variable_get('drupal_private_key',
 '')));
   }
   $form['form_id'] = array('#type' => 'hidden', '#default_value' => $form_id);
@@ -98,7 +98,7 @@
   global $form_values;
 
   if (isset($form['#token'])) {
-    if ($form_values['form_token'] != md5($_SERVER['REMOTE_ADDR'] . $form['#token'] . variable_get('drupal_private_key', ''))) {
+    if ($form_values['form_token'] != md5(session_id() . $form['#token'] . variable_get('drupal_private_key', ''))) {
       // setting this error will cause the form to fail validation
       form_set_error('form_token', t('Validation error, please try again.  If this error persists, please contact the site administrator.'));
     }