[eluser]DaveLittle[/eluser]
I'm pretty sure that Codeigniter automatically validates the CSRF (although I could be wrong)
If you use the form helper and use: form_open() it will automatically give you the csrf in a hidden input, on my website if the CSRF is wrong, or not existance, Ajax throws back error 500