[eluser]gh0st[/eluser]
Oh okay.
I nearly got mine working, but it was way too strict and it wasn't working correctly. I've abandoned it until a later time.
I think using this method works better with post and not get.
My idea was;
1. Form has a hidden randomly generated token
2. Search results checks the token against session
3. Search results generates a new token and puts this in the form, but not in the URLs, or session.
4. If the user presses SUBMIT, a new token is forced into session, but if the user clicks on a URL the token is the same.
My problem came with when you simply went to the URL and pressed enter loads of times, the token would never really change.
It doesn't matter, I've abandoned it until further notice.