Is there a way to create a session variable that expires after a set time e.g 15 seconds or so users hitting reload or trying to submit twice wont be able to. I've disabled my comments function on my site at the moment until I find a solution. I would rather not use javascript as PHP code would be more transparent I think.

Any ideas?

edit: I forgot to add the whole process is in one page so I have the form action unset so it submits to its containing file. I would like to keep this structure. I know having it submit to a new file and redirecting back would remove the double post and reload problem but I'm looking for an alternative solution.

This post has been edited by sonesay: May 18 2008, 08:03 AM

The easiest way would be to store a timestamp in the session variable. Then, check that timestamp against the current time. If it has existed for more than 15 seconds, unset the session variable. Use the time() function to get the UNIX timestamp, then you can do something like:


Is that the sort of thing you need?

Yeah something like that. I'll give it a go and update.

update:



Thanks for the example, I am using the above code and it works fine. Is there a way for PHP to destroy posted variables? Reloading page after the 15 seconds stills makes double posting possible but at least there is some flooding protection.

This post has been edited by sonesay: May 18 2008, 10:22 AM

Why not just have the PHP script search the database for the same input and deny it if a match is found? I've seen, i think it was, the WordPress comment script do this.

I sort of didn't want to go that route since I didn't want to do the queries required to try and match existing post to new ones being submitted. I found out using header() direct to redirect to the same page is possible you just need to track the URL and it will clear post vars without the user knowing.