To prevent cross-site request forgery (CSRF) attacks, many
developers use the hash insertion technique. In short, the
$form->secure() function facilitates hash insertions by generating
a hidden form field containing a hash based on other fields in the
form.
secure( fields[array] )
<?=$form->secure(array('Post'=>array('id','name')));?>
This will output the hidden input element with a server-side-
generated hash:
The value of the hidden input element will vary
depending on the Security.salt value set in the app/config/core.php
file and the function’s own randomization algorithm. This hash is
accessible in the $this->data array under the ['_Token']['fields'] key.
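
The hash-insertion idea described above, sketched as an added example: this is not CakePHP's own algorithm and not code from the original text. The function names, the HMAC-SHA256 construction, the per-session key and the sample submissions are all assumptions made for illustration.

```php
<?php
// Added illustration; NOT CakePHP's implementation. All names are hypothetical.

const APP_SALT = 'constructed-example-salt'; // stands in for Security.salt

// Build the hidden-field value: an HMAC over the sorted field names,
// keyed with the application salt plus a random per-session key.
function make_fields_hash(array $fields, string $sessionKey): string
{
    sort($fields);
    return hash_hmac('sha256', implode('|', $fields), APP_SALT . $sessionKey);
}

// Recompute the hash from the fields actually submitted and compare
// it to the posted value in constant time.
function verify_fields_hash(array $posted, string $sessionKey): bool
{
    $submitted = $posted['_Token']['fields'] ?? '';
    if (!is_string($submitted)) {
        return false;
    }
    $fields = [];
    foreach ($posted as $model => $values) {
        if ($model === '_Token' || !is_array($values)) {
            continue;
        }
        foreach (array_keys($values) as $name) {
            $fields[] = "$model.$name";
        }
    }
    return hash_equals(make_fields_hash($fields, $sessionKey), $submitted);
}

$sessionKey = bin2hex(random_bytes(16)); // would be kept in the user's session
$hash = make_fields_hash(['Post.id', 'Post.name'], $sessionKey);

// Constructed sample submissions.
$genuine = ['Post' => ['id' => '7', 'name' => 'Hello'], '_Token' => ['fields' => $hash]];
$extra   = ['Post' => ['id' => '7', 'name' => 'Hello', 'admin' => '1'], '_Token' => ['fields' => $hash]];
$noToken = ['Post' => ['id' => '7', 'name' => 'Hello']];

var_dump(verify_fields_hash($genuine, $sessionKey));               // unmodified form
var_dump(verify_fields_hash($extra, $sessionKey));                 // field added after rendering
var_dump(verify_fields_hash($noToken, $sessionKey));               // hidden field missing
var_dump(verify_fields_hash($genuine, bin2hex(random_bytes(16)))); // hash replayed in another session
```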