IF $_SESSION[‘mykey’] IS NOT SET throw exception
OR
IF $_SESSION[‘mykey’] is different from $_POST[‘mykey’] throw exception
Probably these conditions does not happen if it does not throw the exception. Try print_r() or var_dumping your variables to see what values they have. You can also var_dump conditions e.g var_dump($_SESSION[‘mykey’] !== $_POST[‘mykey’]);