Been searching online for an answer and can't find anything. Let's say I have a simple PHP form. It uses session variables so it knows the user's username. Is there a way to prevent a user from logging in, then opening another tab in their browser and using a copy of that form located on their server and submitting the values to my form that processes the values? I know I can check the header, but that can be faked. Same thing with the IP address. I just want to be able to know with certainty that when a form is submitted, it came from a user using my form on my server. My actual need is a little more complicated than this, but the general premise is the same, so I tried to make it as simple as possible. Thanks.