I use CGI::Session to create the token which identifies the session, this is not the $token which should prevent the resend of POST-Data. I tired to add a rand(10) to $v but this didnt change the scripts behavior.