Useless for sf1.3/1.4 project
symfony has the ability to protect each form of your project against CSRF attacks.
To enable this feature, you have to prompt a csrf key in apps/frontend/config/settings.yml
:
all:
.settings:
csrf_secret: chooseYouOwnSecretKey
This solution inject in each form a token unique for a given user and for a given form.
Be carefull, forms that use the csrf protection can no longer be cached.
Read the related symfony documentation