OK, we are getting closer. Due to the fact that my application doesn't exhibit the same 403 errors on another server that tells me that it's likely a server configuration that is not compatible with CodeIgniter's CSRF implementation. So, I replaced my httpd.conf and php.ini with default production versions and with just the bare minimum server configuration. I found that I was no longer getting the 403 errors. Then I put my php.ini file back to the way it was and immediately the 403 errors came back. This means that minimally there is a problem with the php.ini configuration. I am going to one-at-a-time reimplement and test each directive to see what's causing it and will report back, since it's likely to be useful for anyone else with the same configuration.