it would take no more than 30 seconds of looking at the source code to bypass this mechanism.
The simple version I posted, true. But as I stated, it takes about 5 seconds to change the values by adding a multiplier or some other fudge factor and the spammer's code won't work again. I was getting 100s of spams per day, had someone from Romania actively hacking at my forms (I was watching them test it) and they gave up quickly after just a little cat and mouse with this code.
I didn't post all my secrets to thwarting the spammers, but if you insist...
Basically that session ties a specific value to a specific page being rendered, which is where the hash value also comes into play on my site, the Romanian dude never got past it and he tried for hours :)
FYI, people that tried my code have said it stopped the problem dead in it's tracks without all the craziness involved with the majorly complicated solutions everyone else peddles. Sometimes simplicity and obscurity are all you need to kick spam to the curb.