CodeIgniter 2, Ion Auth gives a CSRF error message upon profile edit

I never did get to the root cause, however I have a theory that might explain some of this:

The Ion Auth CSRF Protection depends on flashdata, where flashdata only survives "the next" call to the server. My custom template loader might be calling the server twice since it first calls my loader function where the page is constructed, and then calls CodeIgniter's view function.

However, this theory does not really explain why an unmodified version of Ion Auth still fails in Safari. Feel free to post another answer if you can add anything substantial or conclusive to this.

As per a personal response from Ben Edmunds, the developer of Ion Auth...

"We added CSRF protection to the Ion Auth examples before CI built them into the framework so you might be best just removing them from the Ion Auth example controller and views if you’re using a newer version of CI with that built in."

Since I'm already using the latest version of CodeIgniter (2.1.4), I've decided to go this route.

The temporary workaround from my OP is now permanent:

I've enabled the "CSRF Protection" option on line 298 in the CodeIgniter config/config.php file.

$config['csrf_protection'] = TRUE;  // enabled CSRF protection

Then I suppressed the CSRF protection in Ion Auth by always returning true from this function.

function _valid_csrf_nonce(){    return TRUE;  // effectively disables Ion Auth's CSRF protection}

And finally, the developer commenting on using CodeIgniter's CSRF protection instead:

"Cool, that's really a better solution anyway since it's integrated throughout your application."