diff --git a/cake/libs/controller/components/security.php b/cake/libs/controller/components/security.php
index 7e834a2c5..84c010fa6 100644
--- a/cake/libs/controller/components/security.php
+++ b/cake/libs/controller/components/security.php
@@ -154,6 +154,24 @@ class SecurityComponent extends Component {
  */
 	public $validatePost = true;
 
+/**
+ * Whether to use CSRF protected forms. Set to false to disable CSRF protection on forms.
+ *
+ * @var boolean
+ * @see http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
+ * @see SecurityComponent::$csrfExpires
+ */
+	public $csrfCheck = true;
+
+/**
+ * The duration from when a CSRF token is created that it will expire on.
+ * Each form/page request will generate a new token that can only be submitted once unless
+ * it expires. Can be any value compatible with strtotime()
+ *
+ * @var string
+ */
+	public $csrfExpires = '+30 minutes';
+
 /**
  * Other components used by the Security component
  *
@@ -649,10 +667,10 @@ class SecurityComponent extends Component {
  * @return bool Success
  */
 	protected function _generateToken(&$controller) {
-		if (isset($controller->params['requested']) && $controller->params['requested'] === 1) {
+		if (isset($controller->request->params['requested']) && $controller->request->params['requested'] === 1) {
 			if ($this->Session->check('_Token')) {
 				$tokenData = $this->Session->read('_Token');
-				$controller->params['_Token'] = $tokenData;
+				$controller->request->params['_Token'] = $tokenData;
 			}
 			return false;
 		}
@@ -666,8 +684,8 @@ class SecurityComponent extends Component {
 			'disabledFields' => $this->disabledFields
 		);
 
-		if (!isset($controller->request->data)) {
-			$controller->request->data = array();
+		if ($this->csrfCheck) {
+			$token['csrfTokens'][$authKey] = strtotime($this->csrfExpires);
 		}
 
 		if ($this->Session->check('_Token')) {
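Review bot: The added line `$token['csrfTokens'][$authKey] = strtotime($this->csrfExpires);` in the third hunk stores whatever strtotime() returns, and that is `false` for any string it cannot parse, so a misconfigured `$csrfExpires` (which the new docblock only says must be "compatible with strtotime()") silently yields a token whose recorded expiry is `false` instead of an error at the point of configuration. Check the result before storing it: `$expires = strtotime($this->csrfExpires);` / `if ($expires === false) { throw new InvalidArgumentException('csrfExpires is not a strtotime() compatible value'); }` / `$token['csrfTokens'][$authKey] = $expires;`. Nothing in this hunk removes expired entries from `csrfTokens`, and since every request adds a new `$authKey`, the session entry grows by one element per page view unless the rest of the method prunes it; worth confirming, as `_generateToken` continues past the end of the hunk.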
diff --git a/cake/tests/cases/libs/controller/components/security.test.php b/cake/tests/cases/libs/controller/components/security.test.php
index 0efc169db..c4220fe8e 100644
--- a/cake/tests/cases/libs/controller/components/security.test.php
+++ b/cake/tests/cases/libs/controller/components/security.test.php
@@ -1237,11 +1237,13 @@ DIGEST;
  */
 	function testCsrfSettings() {
 		$this->Security->validatePost = false;
-		$this->Security->enableCsrf = true;
+		$this->Security->csrfCheck = true;
 		$this->Security->csrfExpires = '+10 minutes';
 		$this->Security->startup($this->Controller);
 
 		$token = $this->Security->Session->read('_Token');
-		$this->assertEquals(count($token['csrf']), 1, 'Missing the csrf token.');
+		$this->assertEquals(count($token['csrfTokens']), 1, 'Missing the csrf token.');
+		$this->assertEquals(strtotime('+10 minutes'), current($token['csrfTokens']), 'Token expiry does not match');
+
 	}
 }
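Review bot: The new expiry assertion recomputes `strtotime('+10 minutes')` after `startup()` has already stamped the token, so the test fails whenever the clock crosses a second boundary between the two calls, which makes it intermittently flaky rather than wrong. Use the delta argument of assertEquals() to allow that drift: `$this->assertEquals(strtotime('+10 minutes'), current($token['csrfTokens']), 'Token expiry does not match', 2);`. The added empty line before the closing brace of `testCsrfSettings()` is stray whitespace and can be dropped.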