Codeigniter CSRF token problem
It may help to change your 'sess_cookie_name' in config.php to ensure that it has no spaces or underscores.
$config['sess_cookie_name'] = 'mycookiename';
I had the same problem: totally clean instal of CI 2.1.0, on MAMP, and just following along the tutorial in the User Guide.
After a lot of searching and googling, I found that in 'application/config.php', the variable $config['cookie_prefix'] must always be set to empty, otherwise if CSRF protection is turned on, this error will occur.
It could be that there are other issues involved - ie., session library, encryption or XSS protection, etc. - but just leaving the 'cookie_prefix' empty seems to have sorted it for me.
I hope this helps others.
CSRF is valid when token from the hidden field is matching token from the cookie. Check four things:
Don't use native php sessions (session_start etc). Switch to Session class in CI. http://codeigniter.com/user_guide/libraries/sessions.html
Check cookie config in /application/config/config.php
Check value of token in your form, is it different every page refresh?
Maybe try to download current version of CI from https://bitbucket.org/ellislab/codeigniter-reactor/downloads