This class can be used to generate and check tokens to avoid Cross-Site Request Forgery (CSRF) attacks. It generates random token strings and stores it as session variable associated to the time when the token was created. The generated token be used to pass in an hidden input form for later verification against CSRF attacks. The class can also check if the token is valid by looking at the respective session variable and verifying whether it did not pass more time than a configurable token timeout value.