Hmmmmmm, I only have one key for all. Currently it is stored in a chmod'ed 600 folder off my home directory (not root). I was told this was the safest place. I like your idea of a different key for each! But why in a hidden field? Isn't that too obvious? What about a cookie?
I did think about the cancel button, but there is still a chance they will bail without clicking it.
And how do you delete a record from a database automatically? Cron job? Thanks!
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot