The most common way to protect CodeIgniter from CSRF is to use a hidden field in every form of the website. This hidden field carries a CSRF token, which is a random value that changes with each and every HTTP request sent. When the token is inserted into a form, it is also saved in the user's session; if the value submitted with the request is the same as the saved one, the request is treated as legitimate.
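
The token flow described above, sketched in plain PHP as an added example; it is not CodeIgniter's own code, and the helper names (`csrf_issue`, `csrf_field`, `csrf_verify`) and the field name `csrf_token` are assumptions. The session is passed in as an array so the script also runs from the command line.

```php
<?php
// Added example: session-backed CSRF token that changes on every request.
// All names below are hypothetical, not part of CodeIgniter.

const CSRF_FIELD = 'csrf_token'; // assumed hidden-field name

// Create a fresh random token, save it in the session, return it.
function csrf_issue(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    $session[CSRF_FIELD] = $token;
    return $token;
}

// Hidden input to place inside every <form> of the site.
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_issue($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . CSRF_FIELD . '" value="' . $token . '">';
}

// Compare the submitted value with the one saved in the session.
// The saved token is discarded either way, so it is valid for one request only.
function csrf_verify(array &$session, array $post): bool
{
    $expected = $session[CSRF_FIELD] ?? null;
    unset($session[CSRF_FIELD]);
    $given = $post[CSRF_FIELD] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false; // token missing, or an array sent as csrf_token[]
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Constructed demonstration; in a request handler pass $_SESSION and $_POST.
$session = [];
echo csrf_field($session), PHP_EOL;
$good = [CSRF_FIELD => $session[CSRF_FIELD]];

var_dump(csrf_verify($session, $good));  // submitted value matches the session
var_dump(csrf_verify($session, $good));  // same token replayed after use
csrf_issue($session);
var_dump(csrf_verify($session, []));     // form posted without the hidden field
csrf_issue($session);
var_dump(csrf_verify($session, [CSRF_FIELD => 'guess'])); // wrong value
```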