After moving to Phalcon2 from 1.3 I've noticed that my CSRF tokens have stopped working.
I'm sending AJAX calls to the server (without in-between page reloads) and include CSRF token with each post.
The first AJAX calls completes successfully, however each subsequent call fails CSRF valiation.
Debugging it I've noticed that after first call, the $PHALCON/CSRF$ and $PHALCON/CSRF/KEY$ keys are lost from session object (all other session variables are still there).
That obviously is causing CSRF validation error.
Does anyone have an idea what could be happening that causes the loss of $PHALCON/CSRF keys?