i'm generate a token for my form like this:
/*** set a form token ***/
$token = md5( uniqid(rand(), true) );
/*** set the session form token ***/
$_SESSION['form_token'] = $token;
and put hidden input in my form like this:
<input type="hidden" name="token" value="<?php echo $token; ?>" />
but when i submit the pages and compare the token it give me a different token id. can anyone tell me am i doing something wrong?