Thank you Devlin for you interest.
In my case security token is not enough just because is it not difficult to parse it by some spam engine. I want to disallow comments posted in 60 sec after page was loaded. so I store time in session and check it on form sibmittion. Hidden field here is not so necessary, just one more verification.
Let's say there is no hidden field, just session.
Posted to: Store session inside Controller | Show Thread | Post Reply