This patches to loginform.ihtml and the validatelogin
in locval.inc prevent tte resubmission of a form
already submitted, thus prevents going back with the
browser back button and repost auth credentials when
authentication is expired
local.inc with extra check in auth_validatelogin
loginform.ihtml that adds an uniqid hidden fiels
Logged In: YES
my previous version of local.inc stored the used_formidsa in
tha auth->auth persistent array.
But once someone logged off, that would be cleared, thus
again allowing going 'back' to the posted loginform
This version stores the used_formids as a persistent session
variable ($sess-Zregister("used_formids"), so oit should be
there as long the sessions is tha same.
validatelogin registers and checks used_formids