I am using a security token for a form, the form is dynamically built depending on selection through jquery. So the form is called quite a lot and different tokens created every-time. So.. if the same user calls the form 3 times the session would be rewritten? Would it help at all to check if the token exists and not create one unless its empty? or perhaps someone knows of a good way to work with form tokens? If 3 users are on then the token is created 3 times with different values, right? If I check for the token and 3 users are on then the session is created 3 times with the same values?