New CSRF tokens

Hey guys,

I've just committed a change to the way we generate and use CSRF
tokens in rails[1]. Instead of all the stuff involving :secret and
session ids, we simply take advantage of ActiveSupport::SecureRandom.
This simplifies the tests and code drastically, and shouldn't have
any negative impact on security.

Any feedback or reports of breakage greatly appreciated.

Also, thanks to Adam Barth and Colin Jackson of Stanford for taking
the time to verify the approach with me.

[1] http://github.com/rails/rails/commit/9fdb15e60f4d4e37916e5354c50d559773bbe014

Awesome. Working fine for me so far.

Jeff