#!/usr/bin/perl

use strict;
use warnings;
use CGI;
use CGI::Session;
use CGI::Carp qw(fatalsToBrowser);
use Time::HiRes qw(gettimeofday);
use Digest::SHA qw(sha256_hex);
use HTML::Template::Compiled;

my $q = new CGI();
my $token = uniqid();
my $s = new CGI::Session;


my $t = HTML::Template::Compiled->new(path => [ '.' ], filename =>
        'test.tmpl', open_mode => ':utf8', tagstyle => [ '+tt' ], default_escape => 'HTML_ALL');

$t->param(token => $token);
print $s->header(), $t->output;

check_reload();
$s->param(token => $q->param('token'));


sub check_reload {

    if( $q->param('token') && ($s->param('token') eq $q->param('token'))) {
        print "Error: RELOAD";
    }

}

sub uniqid { 

  my($s,$us)=gettimeofday();
  my($v)=sprintf("%06d%5d%06d",$us,substr($s,-5),$$);
  $v = sha256_hex($v);
  return $v;
}


##</code><code>##

<form action="test.pl" method="post">
    <input type="hidden" name="token" value="[%= token%]">
    <input type="submit" value="Submit">
</form>