Hi, how do Facebook posts (status updates) / comments work in terms of security...

I was surprised to see that Facebook allowed me to post 3 status updates one after the other and then also allow me to post 20 comments on a status update all within 5 seconds

I have a comment feature on my website and i need a way of preventing users from spamming with comments (without use a captcha)

Users must be logged in to post a comment... so when a comments is being posted, should i just check to see if the same $ user_id posted a comment within the last 20 seconds... or can someone think of a more suitable method...

Thanks in advance for your help...