Hi, i am trying to come up with a security token system for all my
form, normal approach would be setting a token and put it in to the
session whenerever the user request a new page.

$_SESSION['token'] = random string here.

The problem is, the string would be overwritten everytime when a user
request a new page.
But it is common now for people to open up a few tab for a website.
And it would cause the token to expire, and cause the last few tabs
you open to fail the security token check.

Is there a better soultion?