Thank you, I Googled this also and found that the same thing you said. I thought the session_start should be before the <html> tag but after the document declaration.
The source is showing the token value now: <input type="hidden" name="token" value="9925f5649adca5ae9ceaef26e785110548e860ee4e8931.12062212" /> ---------------------------------------------------------------------------------------- And upon submitting the comparison values are the same: Token in session [9925f5649adca5ae9ceaef26e785110548e860ee4e8931.12062212] Token from URL [9925f5649adca5ae9ceaef26e785110548e860ee4e8931.12062212] Are they equal? Yes. Valid token. ----------------------------------------------------------------------------- Upon reloading they are different. ------------------------------------------------------------------------------ And the fake form produces an invalid token: Token in session [3f976e1dd19e77389b8f6b3e25626f5548e861a7c86284.93840560] Token from URL [] Are they equal? No. Invalid token. http://www.dockhawk.com/html.html -------------------------------------------------------------------------------- Now I am getting invalid token on my original page but that's it! lol: http://www.dockhawk.com/ On Oct 4, 11:24 pm, William <[EMAIL PROTECTED]> wrote: > about the cache limiter, it is saying that HTML output has already > started before the session_start(), so you need to ensure the <?php > session_start(); is the very first thing in the file, get rid of any > spaces etc. PHP Sessions have expiry times and this info needs to be > passed in the HTTP headers. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
