@Andrew: I wasn't specifically commenting on the 0 or 1 thing. My point was that you didn't actually seem to understand the principle of using a token / session method to stop a form being resubmitted yet you were commenting on the unworkable side of the idea.
If you don't understand it yourself until someone like Fou explains it to you then how can you be sure you're offering good advice?
As for the 0 / 1 thing, yes it can work easily. You're forgetting that you can either use the token as the session key name OR the value. As long as it exists in one form or another it can be found by the processing script.
Using random numbers isn't really my preferred method as there is always the very remote chance that you may get the same random number. I would personally use a table in the DB with an autoinc value starting at 100000 and just inset a new row and then get that id. When the form is submitted you wipe that row off the table. That way the token is guaranteed never to match and will always be unique.
My helpful sig has gone because a mod below the administrator gave me an infraction - despite the administrator personally agreeing to it.
If you need any php tips or tricks you can PM me.