I have created a login and registration system using PHP. I intend to use nonces to prevent replay attacks. So far what I have is: generating a random number using `uniqid(mt_rand(), true)`,
and then storing it in the database, passing the same value in a hidden field to the client, and then sending it back to the server when the login button is clicked. If it matches the one in the database, the user is redirected to the private page, and then a new nonce is generated and updated in the database.
This is how I intend to implement it. But I'm somehow not totally sure of the implementation.
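The following is an added example of the flow described in the question (issue a nonce, embed it in a hidden field, check it on submit, then invalidate it); it is not the poster's code. It assumes a PDO connection (SQLite in memory here so it runs stand-alone), a constructed session id in place of `session_id()`, and a 10-minute expiry; it also uses `random_bytes()` instead of `uniqid(mt_rand(), true)` and consumes the nonce with a single `DELETE` so that a replayed submission finds nothing to match. Table and function names are illustrative.

```php
<?php
// Added example (not the original poster's code): a single-use, session-bound,
// expiring login nonce. Assumes a PDO connection; SQLite in memory is used so
// the script runs stand-alone, but any PDO driver works.

declare(strict_types=1);

const NONCE_TTL_SECONDS = 600; // assumption: a login form is stale after 10 minutes

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    // Illustrative table name; one row per issued nonce, bound to the session.
    $db->exec('CREATE TABLE login_nonce (
        nonce       TEXT PRIMARY KEY,
        session_id  TEXT NOT NULL,
        expires_at  INTEGER NOT NULL
    )');
    return $db;
}

// Issue a fresh nonce for this session. random_bytes() is backed by the OS CSPRNG;
// uniqid() and mt_rand() are not designed to be unpredictable.
function issueNonce(PDO $db, string $sessionId): string
{
    $nonce = bin2hex(random_bytes(32)); // 64 hex characters
    $stmt = $db->prepare('INSERT INTO login_nonce (nonce, session_id, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([$nonce, $sessionId, time() + NONCE_TTL_SECONDS]);
    return $nonce;
}

// Consume the nonce: one DELETE checks value, session and expiry together, so a
// second submission of the same form (a replay) deletes nothing and is rejected.
function consumeNonce(PDO $db, string $sessionId, string $submitted): bool
{
    if (!preg_match('/^[0-9a-f]{64}$/', $submitted)) {
        return false; // reject malformed input before touching the database
    }
    $stmt = $db->prepare('DELETE FROM login_nonce WHERE nonce = ? AND session_id = ? AND expires_at > ?');
    $stmt->execute([$submitted, $sessionId, time()]);
    return $stmt->rowCount() === 1;
}

// The hidden field the client sends back; escaped before it goes into the HTML.
function renderLoginForm(string $nonce): string
{
    $n = htmlspecialchars($nonce, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/login">'
         . '<input type="hidden" name="nonce" value="' . $n . '">'
         . '<input name="username"><input type="password" name="password">'
         . '<button type="submit">Log in</button></form>';
}

// Stand-alone demonstration with a constructed session id (use session_id() after
// session_start() in a real application).
$db = openDb();
$sessionId = 'constructed-session-id';

$nonce = issueNonce($db, $sessionId);  // GET /login: embed the nonce in the form
echo renderLoginForm($nonce), PHP_EOL;

var_dump(consumeNonce($db, $sessionId, $nonce));  // first POST with this form: bool(true)
var_dump(consumeNonce($db, $sessionId, $nonce));  // the same POST replayed: bool(false)
var_dump(consumeNonce($db, 'other-session', issueNonce($db, $sessionId))); // nonce from another session: bool(false)
```

Two points worth checking in any variant of this design: the comparison and the invalidation must happen in one step (here the conditional `DELETE`), otherwise two submissions racing each other can both pass before the nonce is rotated; and the nonce only protects against re-submitting the form, so the credentials it accompanies still need TLS and the usual password handling.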