Generate UUID for transactions - keeps giving wrong input

I am creating an online enrollment form. When a user advances to page 2, I generate a 'unique' ID for that user with the following PHP command:

$_SESSION['ConfirmationNo'] = rand(100000000, 999999999);

however, later in the process, when a user can actually view their confirm number, they can simply 'refresh' the page once and a new confirmation number will appear.

Any way to do this where that particular ID is locked down from page 1 or 2?

Th开发者_如何学运维anks!

you could check if the confirmation number exists in session before generating it. Then if the number exists, either just use that to display previously submitted/saved information or display a message saying "please don't refresh this page".