It is written in the documentation that it is enough to include the Zend_Form_Element_Hash element in a form and that CSRF protection is handled automatically by Zend_Form.
I have added the token like this:
$token = new Zend_Form_Element_Hash('security_token_against_csrf');
$token->setSalt($this->_helper->randomString());
$form->addElement($token);
But after submitting any form with such token I get this error:
The two given tokens do not match
Do I need to use any method during the form validation as well?