The TokenProcessor currently supports a single token per user session. This can
be used to guarantee that a user will only submit a form once. However, since
only one token is supported, a user can not have multiple browser windows open
and submit forms from all of them. Only the most recent form would have a valid
This enhancement suggests supporting a list (say 20) of tokens so the user could
have a fair number of browser windows open and all would have a valid token.
A suggested patch is available.