參考:http://blog.gslin.org/archives/2007/08/11/1267/
頁面:
<input type="hidden" name="doublecookie" value="<?= md5(session_id()) ?>" >
後端:
if (!isset($_POST["doublecookie"]) || $_POST["doublecookie"] != md5(session_id())) { // not match, break it }