To expand on the more secure session key format, you can tuck away the location of the form that was last accessed (generated) in your app and then when a post happens and the session ID is valid you know where the last display of information came from. If you have a more complicated site that has complex structure you can add to a "queue" like array that keeps the last lets say 10 generated page locations in the session and the form portion of the app can loop through the array and see if an acceptable page to generate the form is in the list.

Another option is a flag, in this scenario you have a pair of generated form page and POST processors, when the session is accessed in such a way where the form generating section of code is called, a flag is set in the session. Then when the form is posted back to the app you can check to make sure the flag has been set and clear it to force the same path in the future. If the flag is not set you can error out and force the correct path to happen. This should help reduce the problem of tabbed viewing with the same session.

---

---

• Are you posting in the right place? Check out Where do I post X? to know for sure.
• Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:

  <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>

• Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
• Want more info? How to link or How to display code and escape characters are good places to start.