Perhaps you could assign an ID to the HTML form.
Generate the HTML page from CGI, inserting the unique ID, and then just have a history/log table of requests and disallowing non-unique requests.
Be nice and let them refresh the page with a new ID if they have caching or other problems.