CSRF Attack Protection?

15 years 11 months ago #62917 by NateM
CSRF Attack Protection? was created by NateM
Hello,

Could anyone possibly explain how this works? I understand that it's there to prevent spamming, but I was looking for a few more details on when and why exactly it kicks in. I had a person sending friends PMs about a party he was throwing (a legitimate use for them, in my opinion), and he kept getting this CSRF attack thing, which was blocking him. Is there a good way to get around this for legitimate uses, like perhaps having it not kick in between connections or something like that (so I could just tell them to make connections with their friends)? Any ideas?


15 years 11 months ago #62929 by slabbi
Replied by slabbi on topic Re:CSRF Attack Protection?
CSRF protection prevents (as the name says) a specific cross-site attack.

Also see
en.wikipedia.org/wiki/Cross-site_request_forgery

To prevent these attacks, uddeIM prints a magic number on each screen it outputs. When the user sends input back to the server, this number is checked to verify that it originally came from your server.
When someone displays a forged input form and one of your users enters text in it and sends it back, uddeIM will recognize this.

The problem is that the session is only valid for some minutes (depending on your Joomla settings). When the user writes very long texts, the session might time out and the magic number is no longer known. He then has to press "Send" a second time and it should work.

uddeIM & uddePF Development
CB Language Workgroup
CB 3rd Party Developer


15 years 11 months ago #62955 by NateM
Replied by NateM on topic Re:CSRF Attack Protection?
Well, it wasn't a very long message, and I think he was just copying it and resending it. Could it be related to pressing the "back" button instead of going to compose a new message?


15 years 11 months ago #62964 by slabbi
Replied by slabbi on topic Re:CSRF Attack Protection?
Yes, the "Back" button could cause this problem.

uddeIM & uddePF Development
CB Language Workgroup
CB 3rd Party Developer
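A model of the magic-number check slabbi describes above, added here as an example; it is not uddeIM's own code (which is PHP), and the in-memory session store, the 900-second lifetime and the one-token-per-rendered-form rotation are assumptions. It walks the cases raised in this thread: a normal send, a form that was not issued by the server, the session timing out while a long message is written, and the Back button resending a form whose token was already used.

```python
import hmac
import secrets

class SessionStore:  # constructed stand-in for the Joomla session (assumption)
    def __init__(self, lifetime_seconds):
        self.lifetime = lifetime_seconds
        self.sessions = {}  # session id -> {"token": str | None, "last_seen": float}
    def start(self, now):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"token": None, "last_seen": now}
        return sid
    def get(self, sid, now):
        sess = self.sessions.get(sid)
        if sess is None or now - sess["last_seen"] > self.lifetime:
            self.sessions.pop(sid, None)  # expired: the magic number is forgotten
            return None
        sess["last_seen"] = now
        return sess

def render_compose_form(store, sid, now):
    """Render the compose screen with a fresh hidden token (new session if timed out)."""
    sess = store.get(sid, now)
    if sess is None:
        sid = store.start(now)
        sess = store.get(sid, now)
    sess["token"] = secrets.token_hex(16)  # assumption: one token per rendered form
    return f'<input type="hidden" name="token" value="{sess["token"]}">', sid

def handle_send(store, sid, submitted_token, now):
    """Server-side check on Send; returns 'ok' or the reason for rejection."""
    sess = store.get(sid, now)
    if sess is None:
        return "session expired"  # the timeout case slabbi describes
    expected, sess["token"] = sess["token"], None  # one-time use, so a Back-button resend fails
    if expected is None or not hmac.compare_digest(expected, submitted_token):
        return "csrf token mismatch"
    return "ok"

def token_from(form_html):
    return form_html.split('value="')[1].split('"')[0]

def scenario(lifetime=900):
    store, r = SessionStore(lifetime), {}
    form, sid = render_compose_form(store, None, now=0)
    r["legit"] = handle_send(store, sid, token_from(form), now=60)
    r["back_button"] = handle_send(store, sid, token_from(form), now=90)  # same form resent
    form, sid = render_compose_form(store, sid, now=120)
    r["forged"] = handle_send(store, sid, "0" * 32, now=150)  # token not issued by this server
    form, sid = render_compose_form(store, sid, now=200)
    r["timed_out"] = handle_send(store, sid, token_from(form), now=200 + lifetime + 1)
    form, sid = render_compose_form(store, sid, now=202 + lifetime)  # pressing "Send" again
    r["retry"] = handle_send(store, sid, token_from(form), now=203 + lifetime)
    return r
```

The one-time token is what makes the Back button fail: the resent form carries a number the server has already consumed, so it is treated like a forged submission.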
