Help with PHP sessions for use in a contact form

[Major_Disaster]

Hello all,

Id really appreciate some help using sessions in my PHP contact form.

What i would like to achieve is a way limiting each user to submitting the form once every 60 seconds (so im not overrun by Spam). I was thinking of creating some session based on the user's IP (or SID - but i dont really understand that) and just checking the session data.

However, i dont understand fully how sessions work, this is what i currently have:

	//Start the session
	$session = session_id();
	if($session == "") {
		session_start();
	}

	//Check if the a message has been sent in the last 60 seconds
	$timeLimit = $_SESSION['lastMailed'] + 60 < time();
	if (!$timeLimit && $_SERVER['REMOTE_ADDR'] = $_SESSION['ip']) {
		$response['error']['time'] = 'Whoah, slow down there! Please wait 60 seconds before sending another enquiry';
	}

//blah blah check the POST data and send the email

	//Start timing from when the message was sent
	$_SESSION['lastMailed'] = time();
	$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];

But PHP is giving me warnings about modifying session data.

Sorry im being a bit vague, its just im not too sure what the best way to implement sessions are.

I would really appreciate some help.

Cheers

 

[Major_Disaster]

EDIT: Scap that i just needed to put the session_start() at the top.

I do have a question though, im trying to limit one message each user to being able to send a message every 60s (so i cant get spammed too much). I was thinking i could use the IP address in the Session data? Could this be achieved? You can see my attempt in my OP.

Cheers

 

[Major_Disaster]

@UncleRuckus - Thanks for the help. Ill look at using the session ID instead of / in conjunction with the IP

@JimAroo - Thanks.The thing is i had setup reCaptcha, but then was worried about how ugly it looks with JS turned off. Looking at AWstats compared to Google Analytics i *think* i have a lot of visitors without JS, so i didnt want to muck up the form for them...