Generates a single-use key to be embedded in a form or used with another non-idempotent
request (a request that changes the state of the server or application), that will match
against a client session token using the check() method.
See also:
lithium\security\validation\RequestToken::check()