The secure_form_tag module is accessible via the webhelpers.rails module.
It generates form tags that include client-specific authorization tokens, which the destination web app then verifies.
Authorization tokens are stored in the client's session. The web app can then verify the request's submitted authorization token against the value in the client's session.
This ensures the request came from the originating page. See http://en.wikipedia.org/wiki/Cross-site_request_forgery for more information.
Pylons provides an authenticate_form decorator that does this verification on behalf of controllers.
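The token flow described above, as an added sketch that is not WebHelpers or Pylons code. The function names, the `_authentication_token` key and the plain-dict session are assumptions for illustration.

```python
import hmac
import secrets
from html import escape

# Hypothetical name, used both as the session key and the hidden field name.
TOKEN_KEY = "_authentication_token"


def authentication_token(session):
    """Return the session's token, creating it on first use."""
    if TOKEN_KEY not in session:
        session[TOKEN_KEY] = secrets.token_hex(32)  # 256 bits from the OS CSPRNG
    return session[TOKEN_KEY]


def secure_form_sketch(url, session, method="post"):
    """Render an opening form tag followed by the hidden token field."""
    token = authentication_token(session)
    return (
        '<form action="%s" method="%s">'
        '<input type="hidden" name="%s" value="%s" />'
        % (escape(url, quote=True), escape(method, quote=True),
           TOKEN_KEY, escape(token, quote=True))
    )


def verify_form(session, params):
    """Accept the request only if the submitted token matches the session's."""
    expected = session.get(TOKEN_KEY)
    submitted = params.get(TOKEN_KEY)
    # A session with no token, or a request with no token, is always rejected.
    if not expected or not isinstance(submitted, str):
        return False
    # Constant-time comparison so response timing does not leak the token.
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    session = {}  # constructed stand-in for the framework's session object
    print(secure_form_sketch("/account/update", session))
    same_origin = {TOKEN_KEY: session[TOKEN_KEY], "email": "a@example.org"}
    forged = {"email": "a@example.org"}  # cross-site post cannot read the token
    print(verify_form(session, same_origin), verify_form(session, forged))
```

A controller would call the verification step before acting on any state-changing request and reject the request when it returns False.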
Create a form tag (like webhelpers.rails.form_tag.form) including a hidden authentication token field.
Create a form tag (like webhelpers.rails.prototype.form_remote_tag) including a hidden authentication token field.
See the source for more information.