Should you suffer from re-posting data problems then you can use the session state info to prevent such (e.g. hidden field with sequence number) or look at solutions discussed in this thread or this thread.

If not, you should define a timeout, and run a cron job twice a day that clears all old entries in the database.

Hey, that thread helped me understanding the logic to prevent the refresh duplicates, but in the it still not bullet proof? Wouldn't it be really easy for someone to just add a random generated session id and tag it on the session_id parameter, and keep making form requests to your validation script. The validation script will always receive different generated sessions, thus making it really easy to flood your directory?

Perhaps, add a IP field and only allow 5 max request per? But then someone can trick the IP or perhaps connect to a list of proxies and take turns 1 by 1?

Theres really no reliable way is there?

thanks for replies....that thread also helped me a bit better. I guess someone will have to build some bot to do what your talking about? Its doesn\\\'t concern me too much security wise and I\\\'m just over worrying about it. also what did you mean by flood your directory?

my ($confid);
my @passset = ('a'..'z', 'A'..'Z', '1'..'9');
for (my $i = 0; $i < 16; $i++) {
     my $randum_num = int(rand($#passset + 1));
     $confid .= $passset[$randum_num];
                             }
[download]