> Even using secret token it's now enough anymore. You have to do more > (but still use the token), where you will do page follow-up and > confirmations pages. Please explain. ? There's a certain balance between "secure enough" and "driving my users crazy" (-: S