Security Class "The action you have requested is not allowed."

[eluser]megabyte[/eluser]
Is it possible to turn on csrf protection on a per controller basis?

I'd want it on forms that do not require authentication, but once a user is logged it should not matter as much.

Thats the only solution apart from having a meta refresh set to the session expire time so that there would never be an instance where the user would be logged in and see a form but have an expired session.