In CodeIgniter, you can enable CSRF (Cross-Site Request Forgery) protection by setting the option shown below to TRUE in the application/config/config.php file. This protects your CodeIgniter application from forged cross-site requests.
If you use the form_open() helper function, it creates and automatically adds a hidden CSRF token field to your forms. CodeIgniter then automatically verifies this token as part of the security function on every form submission. When it detects a CSRF error it will immediately throw a 401 error.
If you do not use form_open(), the hidden input field is not created automatically. You need to attach it manually as shown below; paste this inside your form.
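As an added example (not code from the original article), the following shows the CodeIgniter 3 config keys that govern CSRF protection together with a view that contains both a form_open() form and a hand-written form carrying the token. The route profile/update, the view file name and the display_name field are assumptions; the config keys and the $this->security methods are CodeIgniter's own.

```php
<?php
// application/config/config.php (example settings; keys are CodeIgniter 3's own)
$config['csrf_protection']   = TRUE;
$config['csrf_token_name']   = 'csrf_test_name';   // name of the hidden field / POST key
$config['csrf_cookie_name']  = 'csrf_cookie_name'; // cookie the submitted value is compared against
$config['csrf_expire']       = 7200;               // lifetime of a token in seconds
$config['csrf_regenerate']   = TRUE;               // issue a fresh token on every request
$config['csrf_exclude_uris'] = array();            // keep empty unless an endpoint truly cannot carry the token
?>

<!-- application/views/profile_form.php (assumed view file) -->
<?php $this->load->helper('form'); ?>

<!-- Variant 1: form_open() emits the hidden CSRF field for you -->
<?php echo form_open('profile/update'); ?>
    <input type="text" name="display_name">
    <button type="submit">Save</button>
</form>

<!-- Variant 2: hand-written <form>, so the token field must be added by hand.
     Name and value come from the Security class, so they always match the
     current configuration and the token the framework will check against. -->
<form method="post" action="<?php echo site_url('profile/update'); ?>">
    <input type="hidden"
           name="<?php echo $this->security->get_csrf_token_name(); ?>"
           value="<?php echo $this->security->get_csrf_hash(); ?>">
    <input type="text" name="display_name">
    <button type="submit">Save</button>
</form>
```

The check runs on every POST request once csrf_protection is TRUE, not only on forms built with form_open(), so any hand-written form that omits the hidden field will be rejected.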