Zend_Form_Element_Hash problem (unclear documentation?)
It is written in the documentation that it is enough to include the Zend_Form_Element_Hash element in a form and that CSRF protection is handled automatically by Zend_Form.
I have added the token like this:
$token = new Zend_Form_Element_Hash('security_token_against_csrf');
$token->setSalt($this->_helper->randomString());
$form->addElement($token);
But after submitting any form with such a token I get this error:
The two given tokens do not match
Do I need to use any method during the form validation as well?
Have you tried it by setting the salt to be some well-defined (or at least repeatable) string?
When Zend_Form validates, it needs to recreate the hash from session data then compare to what's submitted, and if it's applying a different salt, that would cause tokens to not match.
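The mismatch described in the answer above, as an added example that is not part of the original thread and is not Zend Framework's own code: a simplified plain-PHP model of a form rendered in one request and validated in the next. It assumes the token is stored in the session under a key built from the salt and the element name; the class, function and salt values are hypothetical.

```php
<?php
// Simplified model, NOT Zend Framework source. Assumption: the token lives in
// the session under a key derived from the salt and the element name.
final class CsrfElementModel
{
    private string $name;
    private string $salt;

    public function __construct(string $name, string $salt)
    {
        $this->name = $name;
        $this->salt = $salt;
    }

    private function sessionKey(): string
    {
        return 'csrf_' . $this->salt . '_' . $this->name;
    }

    // Render request: issue a token and remember it server-side.
    public function issue(array &$session): string
    {
        $token = bin2hex(random_bytes(16));
        $session[$this->sessionKey()] = $token;
        return $token;
    }

    // Submit request: look the stored token up again and compare.
    public function isValid(array $session, string $submitted): bool
    {
        $expected = $session[$this->sessionKey()] ?? null;
        return is_string($expected) && hash_equals($expected, $submitted);
    }
}

// The form is rebuilt on every HTTP request, so the salt is evaluated twice.
function roundTrip(callable $saltSource): bool
{
    $session = []; // constructed stand-in for the user's session
    $name = 'security_token_against_csrf';
    $submitted = (new CsrfElementModel($name, $saltSource()))->issue($session);
    return (new CsrfElementModel($name, $saltSource()))->isValid($session, $submitted);
}

$perRequestSalt = fn(): string => bin2hex(random_bytes(8)); // new salt each request
$fixedSalt = fn(): string => 'contact_form';                // same salt each request

var_dump(roundTrip($perRequestSalt)); // salt changed between requests
var_dump(roundTrip($fixedSalt));      // salt stable between requests
```

With the per-request salt the lookup key changes between render and submit, so the stored token is never found and validation fails; with the fixed salt the same key is used both times and the submitted token matches.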