Heres what i did
I think i got it working now.
1. post the form using the ID of the comment
2. record set lookup finding ID and also matching the session ID of user who is logged in
3. set delete record trigger to if recordset is NOT EMPTY.
This way, the only person that could actually delete a comment, would have to be the same user ID logged in as the one who made it, i dont think anyone could post to the page from an outside and be able to delete any records..
does that look good to you?