Anti-flood DDoS in PHP

If I were you I would start by understanding where in your code this is happening. It is obvious that the below if block is being taken and $_SESSION['last_session_request'] > time() - 2 is evaluating to true. If I were you, I would echo $_SESSION['last_session_request'] and time() to see if these are values you expect. Taking a look here should give you all the answers you need -> https://stackoverflow.com/questions/3972...per-second.