How should I do CSRF protection in cakephp 2.9?

I am implementing CSRF protection in my cakephp project. I have read official cakephp 2 cookbook and I did as explained in that book. But, now I am getting the “auth error”, "The request has been black-holed.
Error:Request URL: /users/changepassword."
every time the user change password form is submitted.

I have included the security component and also added the $this->Security->csrfExpires = ‘+1 hour’; in the before filter function. Is there any steps missed in my implementation ?


have you changed the hidden value with javascript ?