fuel / core

Fuel PHP Framework - The core of the Fuel v1 framework
http://fuelphp.com

CSRF token not usable in multiple forms #961

Closed: ghost closed this issue 12 years ago

ghost commented 12 years ago

The CSRF token gets reset every time Security::check_token is called. This causes problems when the user has multiple pages open or multiple AJAX calls are made from the same page with the same token.

WanWizard commented 12 years ago

The issue here is that by default (as documented) the token is assigned to the form when the form is generated, which means it will be no longer valid as soon as another form with that same token is submitted.

You can fix this by assigning the token when you submit the form, so the form will always contain the current token.

See http://docs.fuelphp.com/classes/security.html#/method_js_set_token
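The behaviour described in this thread, reproduced as an added PHP illustration (this is not Fuel's own `Security` class and the `TokenStore` class, `fetchToken`, `checkToken` and `submitWithCurrentToken` names are hypothetical): a session-backed token that is rotated on every check, so a second form rendered with the same token fails once the first one has been submitted, and the fix WanWizard suggests, reading the current token at submit time instead of baking it into the form at render time. The "submit" side is simulated in the same process for simplicity; in Fuel the client-side part is what `js_set_token` does.

```php
<?php
// Added example, not code from the Fuel project. Names are hypothetical.
declare(strict_types=1);

final class TokenStore
{
    private const KEY = 'csrf_token';
    private array $session = []; // stands in for $_SESSION (constructed, in-memory)

    // Return the current token, generating one if the session has none yet.
    public function fetchToken(): string
    {
        if (!isset($this->session[self::KEY])) {
            $this->session[self::KEY] = bin2hex(random_bytes(16));
        }
        return $this->session[self::KEY];
    }

    // Compare the submitted token with the stored one in constant time and,
    // like the behaviour reported in the issue, rotate the stored token on
    // every check regardless of the outcome.
    public function checkToken(string $submitted): bool
    {
        $ok = hash_equals($this->fetchToken(), $submitted);
        unset($this->session[self::KEY]); // rotate: the next fetch creates a new token
        return $ok;
    }
}

// The fix from the thread: read the token right before submitting, not at render.
function submitWithCurrentToken(TokenStore $store): bool
{
    $tokenAtSubmit = $store->fetchToken();
    return $store->checkToken($tokenAtSubmit);
}

// Scenario 1 (the bug): two forms rendered in the same session share one token.
$store = new TokenStore();
$formA = $store->fetchToken(); // token baked into form A at render time
$formB = $store->fetchToken(); // same token baked into form B

assert($store->checkToken($formA) === true);  // first submission passes
assert($store->checkToken($formB) === false); // token was rotated, form B is now stale

// Scenario 2 (the fix): every submission carries the token current at submit time.
assert(submitWithCurrentToken($store) === true);
assert(submitWithCurrentToken($store) === true); // a second form is no longer stale

echo "all checks passed\n";
```

Run it with `php -d zend.assertions=1 example.php`; with assertions disabled the script simply prints the final line. The design point to take from it is that rotate-on-check gives one-time tokens, which is sound only if every submission obtains the token at submit time (or the application uses a per-session token it does not rotate on success).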