Aspen:Form Tokens

From Aspen Documentation

Form tokens are random strings that are encrypted. One copy is stored in a hidden form field so that it's sent along with the POST data on form submission, while the second copy is stored in the users session data. The two copies must match when the form is sent back to the server. If they don't match the form is not accepted, as it's likely an attempted attack.

First, you must enable the feature in your configuration file. 

$config['require_form_token_auth'] = true;

The last step is to place the hidden field within your form: 

<input type="hidden" name="token" value="<?php print $token; ?>" />
Retrieved from "http://docs.aspen-framework.org/wiki/Aspen:Form_Tokens"