I use csrf system identical to vokuro one:
// LoginForm.php
//CSRF
$csrf = new Hidden('csrf');
$csrf->addValidator(
new Identical(array(
'value' => $this->security->getSessionToken(),
'message' => 'CSRF validation failed'
))
);
$this->add($csrf);
// login.volt
{{ form.render('csrf', ['value': security.getToken()]) }}
and it's working fine on Phalcon 1.3.4. On 2.0.0 it is working only on first form submit. On every next submit it returns 'CSRF validation failed'.
Any workaround? :I