I would not use Javascript for security validation.
You are just asking for trouble.
Javascript can be easily by-passed or over-ridden.
Stick with PHP.
PHP Code:
<?php
session_start();
$msg = "<div>Enter security code: </div>";
if(!empty($_POST["sCode"]))
{
if($_SESSION['security_code'] == $_POST["security_code"]){header("location:process.php");}
else{$msg = "<div style='color:#f00;'>Incorrect security code. Try again.</div>";}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form action="#" method="post">
<?php
echo $msg;
?>
<input type="text" name="security_code"><br />
<input type="submit" name="sCode" value="Submit">
</form>
</body>
</html>