token_tag Madness! Or how do I get my pre 2.x code to work again

I have an HTML MAP over laying some video so i can control aPTZ camera
through my server code. The camera is not visible outside the network
so i want to control access to it.

<map name="ptz2" >
  <area shape="rect" coords="0,0,60,45"
                                onclick="new Ajax.Request('/page/
moveCamera_upleft?ip=', {asynchronous:true,
evalScripts:true})" ></area>
  <area shape="rect" coords="60,0,180,45"

The above code is generate by some ruby code in the model area.rb


def createArea()
  for a in @areas

     line = "<area shape=\"#{a.shape}\" coords=
                                onclick=\"new Ajax.Request('/page/
moveCamera_#{a.command}?ip=#{ip}', {asynchronous:true,
evalScripts:true})\" ></area> "
                        lines[i] = line
                        i = i + 1

The above code worked just fine. But with the new token_tag stuff it
won't work and I don't have a clue how to make it work.

My question is where to I put the the "token_tag" stuff to create the
token so Rails won't reject the request? I generate the code within
the area.rb so the model has control over the data it gets from the

I really don't want to create new "rails" functions or override stuff
that will get outdated in the next Rails release. I just want to know
how to fix my Ajax.Request() line so my code will work again.

I know it has something to do with ":url =>
token_tag_nightmare_additons" in Ajax.Request or i need to create
remote_function with it. But this code works and if I remember
correctly it was hard enough to get it work the first time.

(Please just help. And try to be specific as you can. Hand waving does
not actually help nor does a lecture on why dont I do it the the
"Rails Form way". As of this point I am so fustrated with the
2.0.death Rails release that I feel like dumping my 2 years worth of
work in ROR and rewritting it in PHP.)

((Yes, i have every imaginable book on ROR in my library here, so if
you can cite a specific page in a Book that would be great too.))

And yes, i do have it working with the old code by turning off the
       skip_before_filter :verify_authenticity_token

[lots of ugliness stripped]

If you really want to put that code smell in your model, it's up
to you, but then don't complain it will not work with future
Rails versions.

If you want to do a mess between models and views,
then do it, but don't complain it's Rails fault.

See in #options_for_ajax method in prototype_helper.rb, how
CSRF stuff is handled in Ajax :

if protect_against_forgery? && !options[:form]
if js_options['parameters']
   js_options['parameters'] << " + '&"
   js_options['parameters'] = "'"
   js_options['parameters'] << "#{request_forgery_protection_token}='
+ encodeURIComponent('#{escape_javascript form_authenticity_token}')"

A helper would be a better place to put all your code...

   -- Jean-François.