Sandy44818
New Member
I'm a learner working on a login script. This is the form token statement that I have so far:

[code]
$_SESSION["form_token"] = md5(rand(time(), true));
[/code]

The statement is issued just after the user indicates that he/she wants to log in. My limited understanding is that its purpose is to identify a unique user at a unique point in time and to disguise the form token information. Then everything becomes fuzzy. 3 questions:

[*]When is the best time to "check" the form token for security purposes?
[*]How do I check it?
[*]When, if ever, do I "destroy" the form token? (IOW, would the form token stay "active" until the user logs out?)

Thanks for your help.
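
The three questions in the post (when to check, how to check, when to destroy) correspond to a small token lifecycle, sketched here as an added example that is not part of the original post. The function names and the 15-minute lifetime are assumptions, `$session` stands in for `$_SESSION`, and the token comes from `random_bytes()` rather than `md5(rand())` so that it cannot be predicted.

```php
<?php
// Added example: form-token lifecycle (issue, check, destroy).
// issue_form_token / check_form_token are hypothetical names.
// $session stands in for $_SESSION so the script runs from the CLI.

function issue_form_token(array &$session): string
{
    // CSPRNG output: the token's only job is to be unguessable.
    $token = bin2hex(random_bytes(32));
    $session['form_token'] = $token;
    $session['form_token_time'] = time();
    return $token; // goes into a hidden <input> of the login form
}

function check_form_token(array &$session, array $post, int $maxAge = 900): bool
{
    $expected = $session['form_token'] ?? null;
    $issued   = $session['form_token_time'] ?? 0;

    // Single use: destroy the stored token before deciding the outcome,
    // so a second submission with the same value can never match.
    unset($session['form_token'], $session['form_token_time']);

    $given = $post['form_token'] ?? null;
    // Reject missing values and non-strings (e.g. form_token[]=x).
    if (!is_string($expected) || !is_string($given)) {
        return false;
    }
    // Reject tokens older than the assumed lifetime.
    if (time() - $issued > $maxAge) {
        return false;
    }
    // Constant-time comparison avoids leaking how many bytes matched.
    return hash_equals($expected, $given);
}

// Constructed demo: issue once, submit, replay, then submit a wrong value.
$session = [];
$token = issue_form_token($session);
var_dump(check_form_token($session, ['form_token' => $token])); // first submit
var_dump(check_form_token($session, ['form_token' => $token])); // same token again
$token = issue_form_token($session);
var_dump(check_form_token($session, ['form_token' => 'not-the-token']));
```

In a real page the check runs at the top of the script that handles the POST, before any credentials are processed, and a fresh token is issued each time the form is rendered.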