[eluser]pickupman[/eluser]
[quote author="Derek Allard" date="1278969940"]No problem. I don't think csrf is fully fleshed out yet, hence it hasn't been documented since it basically isn't implemented at this point. If there's anything else though, let me know and we'll get it documented lickity-split.[/quote]
Great, figured the csrf out and extended form_open to include field when enabled in config.php. Posted a fix in bitbucket for csrf cookie not getting set on first page load. Running into an issue now with Paypal IPN is getting error 500 when enabled. Would be nice to be able to override somehow with form_validation.
BTW, upgrade from 1.7.2 to 2.0dev was pretty painless.