RequestToken will persist the token for the life of the client session, and generate
per-request keys that will match against that token.
Using these token/key pairs in forms and other non-idempotent requests will help you secure
your application against cross-site request forgeries, or CSRF attacks.
### Example
views/comments/add.html.php:
...
form->create($object); ?>
security->requestToken(); ?>
Other fields...
form->end(); ?>
controllers/CommentsController.php:
public function add() {
if ($this->request->data && !RequestToken::check($this->request)) {
Key didn't match the CSRF token. Regenerate the session token and
prompt the user to retry the form submission.
RequestToken::get(array('regenerate' => true));
return;
}
Handle a normal request...
}