Translations:Manual:Edit token/11/en

What is actually embedded into the web page is not the  element itself. Rather, this element is concatenated to the salt, which is a string that depends on the particular action and page; the resulting string is then MD5-hashed; this is what is embedded in the web page. When the user actually requests the action, this string is sent back to the server via an HTTP parameter. The server can then check the correctness of this parameter: it repeats the procedure used to generate it from the PHP session and checks if the result is equal to the parameter.