diff --git a/lib/Cake/Controller/Component/SecurityComponent.php b/lib/Cake/Controller/Component/SecurityComponent.php
index 16cdc6413..d7229bc44 100644
--- a/lib/Cake/Controller/Component/SecurityComponent.php
+++ b/lib/Cake/Controller/Component/SecurityComponent.php
@@ -495,8 +495,11 @@ class SecurityComponent extends Component {
 if ($this->csrfCheck && ($this->csrfUseOnce || empty($tokenData['csrfTokens'])) ) {
 $token['csrfTokens'][$authKey] = strtotime($this->csrfExpires);
 }
- $controller->request->params['_Token'] = $token;
 $this->Session->write('_Token', $token);
+ $controller->request->params['_Token'] = array(
+ 'key' => $token['key'],
+ 'disabledFields' => $token['disabledFields']
+ );
 return true;
 }
diff --git a/lib/Cake/Routing/Router.php b/lib/Cake/Routing/Router.php
index ad96a977d..52c662149 100644
--- a/lib/Cake/Routing/Router.php
+++ b/lib/Cake/Routing/Router.php
@@ -1029,7 +1029,8 @@ class Router {
 unset(
 $params['pass'], $params['named'], $params['paging'], $params['models'], $params['url'], $url['url'],
- $params['autoRender'], $params['bare'], $params['requested'], $params['return']
+ $params['autoRender'], $params['bare'], $params['requested'], $params['return'],
+ $params['_Token']
 );
 $params = array_merge($params, $pass, $named);
 if (!empty($url)) {
diff --git a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
index 4f2209070..6b2ddffac 100644
--- a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
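Review bot: The array literal now assigned to `$controller->request->params['_Token']` has no comment saying why only `key` and `disabledFields` are copied, so a later cleanup could restore the full `$token` and put `csrfTokens` back into the request params. A line above the assignment such as `// Expose only key and disabledFields; csrfTokens and the rest of $token stay in the session.` would record the intent. Any view or helper that read other entries from `params['_Token']` will now find them missing, which is worth checking outside this hunk. The enclosing method starts before the hunk, so how `$token` is built (and whether `disabledFields` is always set) is not visible here.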
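Review bot: The `unset()` list that now ends with `$params['_Token']` is a deny-list, so the token key is kept out of reversed URLs only because this one name is listed; every other entry still goes through `array_merge($params, $pass, $named)` and, presumably, into the generated URL. A comment on the new line, e.g. `// _Token carries the CSRF key and must never be serialised into a URL`, would tell maintainers what the entry protects and that other request-scoped secrets placed in params need the same treatment. The function starts and ends outside the hunk, so what happens to `$params` after the merge is not visible here.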
@@ -996,6 +996,7 @@ class SecurityComponentTest extends CakeTestCase {
 $token = $this->Security->Session->read('_Token');
 $this->assertEquals(count($token['csrfTokens']), 1, 'Missing the csrf token.');
 $this->assertEquals(strtotime('+10 minutes'), current($token['csrfTokens']), 'Token expiry does not match');
+ $this->assertEquals(array('key', 'disabledFields'), array_keys($this->Controller->request->params['_Token']), 'Keys don not match');
 }
 /**
diff --git a/lib/Cake/Test/Case/Routing/RouterTest.php b/lib/Cake/Test/Case/Routing/RouterTest.php
index 2f00a8de0..0364aa8b4 100644
--- a/lib/Cake/Test/Case/Routing/RouterTest.php
+++ b/lib/Cake/Test/Case/Routing/RouterTest.php
@@ -2285,7 +2285,8 @@ class RouterTest extends CakeTestCase {
 'autoRender' => 1,
 'bare' => 1,
 'return' => 1,
- 'requested' => 1
+ 'requested' => 1,
+ '_Token' => array('key' => 'sekret')
 );
 $result = Router::reverse($params);
 $this->assertEqual($result, '/posts/view/1');
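Review bot: The added assertion in SecurityComponentTest checks only the key names of `params['_Token']`, and its failure message has a typo (`'Keys don not match'` should read `'Keys do not match'`). The key list does show that `csrfTokens` is no longer exposed, but nothing verifies that the exposed `key` is the one stored in the session. A second assertion such as `$this->assertEquals($token['key'], $this->Controller->request->params['_Token']['key'], 'Exposed key differs from session key');` would pin that, using the `$token` already read from the session at the top of the hunk. The test method starts outside the hunk.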