checkToken() is not enough check value for CSRF Attack?
getToken()was not called on one session
It becomes a true comparison of
NULL between POST data and session data.
Could be CSRF vulnerability when using only in
checkToken() to input validation.
checkToken() should be check whether those value are false like
array(), I think.