Well, I think this is an error:
echo $this->security->getSessionToken();
echo $this->security->getToken();
echo $this->security->getSessionToken();
echo $this->security->getToken();
// expected output
RjlLK2k0bEZSd2hadThscnp3bWMwUT09
bXdDMmx6cWZyMTRXdWF3SVdXc3VVUT09
RjlLK2k0bEZSd2hadThscnp3bWMwUT09
bXdDMmx6cWZyMTRXdWF3SVdXc3VVUT09
// real output
RjlLK2k0bEZSd2hadThscnp3bWMwUT09
bXdDMmx6cWZyMTRXdWF3SVdXc3VVUT09
bXdDMmx6cWZyMTRXdWF3SVdXc3VVUT09 <<--- here getToken() rewrites getSessionToken()
bXdDMmx6cWZyMTRXdWF3SVdXc3VVUT09
getToken function: https://github.com/phalcon/cphalcon/blob/master/phalcon/security.zep#L354

getToken() should not change the value of getSessionToken() until the next request.
I think this error causes a misunderstanding that confuses programmers, and it also removes the possibility of using the Identical validator in our forms with getSessionToken() assigned as the accepted value.
What do you think?
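
The behaviour reported above next to the behaviour the post asks for, as an added sketch that is not part of the original post and is not Phalcon's code. The class `CsrfTokens`, its `snapshot` flag, the `csrf` session key and the `ArrayObject` session store are assumptions made for illustration; it needs PHP 8.

```php
<?php
// Simplified model, not Phalcon's code. ArrayObject stands in for the session
// store; one CsrfTokens instance stands in for one HTTP request.
final class CsrfTokens
{
    private ?string $issued = null;   // token generated during this request
    private ?string $previous;        // token the previous request stored

    public function __construct(private ArrayObject $session, private bool $snapshot)
    {
        // Read the stored token before anything in this request can replace it.
        $this->previous = $session['csrf'] ?? null;
    }

    public function getToken(): string
    {
        if ($this->issued === null) {
            $this->issued = base64_encode(random_bytes(16));
            $this->session['csrf'] = $this->issued; // kept for the next request
        }
        return $this->issued;
    }

    public function getSessionToken(): ?string
    {
        // Without the snapshot this reads the live session entry, which
        // getToken() has already replaced: the behaviour reported above.
        return $this->snapshot ? $this->previous : ($this->session['csrf'] ?? null);
    }

    public function check(string $submitted): bool
    {
        $expected = $this->getSessionToken();
        return $expected !== null && hash_equals($expected, $submitted);
    }
}

foreach ([false, true] as $snapshot) {
    $session = new ArrayObject();
    $form = (new CsrfTokens($session, $snapshot))->getToken(); // request 1 renders the form

    $req2 = new CsrfTokens($session, $snapshot);               // request 2 receives the POST
    $before = $req2->getSessionToken();
    $req2->getToken();                                         // e.g. the form is rendered again
    $after = $req2->getSessionToken();

    printf("snapshot=%s stable=%s submitted token accepted=%s\n",
        var_export($snapshot, true), var_export($before === $after, true),
        var_export($req2->check($form), true));
}
```

With the snapshot, the token submitted from the first request's form is still the value compared against after `getToken()` has run in the second request, which is what a comparison against `getSessionToken()` in a form validator relies on.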