I know how to enable CSRF in forms in CodeIgniter; however, I am not sure how to implement this feature in a classic CodeIgniter link (e.g. for adding/deleting private messages, posts, etc. in the admin area).
Now I am using something like this:
VIEW

    <?php echo anchor('account/delete_private_message/'.$obj->pmID, 'delete message', array('onclick' => 'return confirm(\'Do you really want to delete this private message?\');', 'class' => 'delete-message-button')); ?>

CONTROLLER

    function delete_private_message($pmID = '')
    {
        $deleted_pm = $this->account_model->delete_pm($pmID);
        if($deleted_pm)
        {
            $this->session->set_flashdata('status', 'PM was deleted successfully');
        }
        else
        {
            $this->session->set_flashdata('status', 'Error');
        }
        redirect('account/private_messages');
    }

MODEL

    function delete_pm($pmID)
    {
        $result = 0; // was $return, which left $result undefined when $pmID is empty
        if(!empty($pmID))
        {
            $this->db->where('pmID', $pmID);
            $result = $this->db->delete('private_messages');
        }
        return $result;
    }
And if the user clicks OK in the popup, the message is deleted.
The question is how to add a token to the link and to the user's session, verify it, etc. I do not know how to get this to work properly.
EDIT: I just guess I have to add the generated token at the end of the link, like:
account/delete_private_message/1239/dfdf6e7re67a6e87r6e87r69876bn3
and the value dfdf6e7re67a6e87r6e87r69876bn3 also in the session of the current user, and verify them in the controller. However, I don't know what exactly I should do. So, any help is appreciated.
You are correct – just pass the CSRF token as part of the link. The example below should help (but I haven't tested it).
P.S. You have an error in your model code
should be
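The approach the answer describes, written out as an added example (this is not the answerer's own code, which does not appear on this page). It assumes CodeIgniter 2.x/3.x with `$config['csrf_protection'] = TRUE`, PHP 5.6+ for `hash_equals()`, and that the VIEW and CONTROLLER parts live in their usual files.

```php
<?php
// Added example, not the answer's own code. Assumes CodeIgniter 2.x/3.x with
// $config['csrf_protection'] = TRUE: CodeIgniter then keeps a CSRF hash in a
// cookie and verifies it automatically, but only for POST requests, so a GET
// link has to be checked by hand in the controller.

// VIEW: append the current CSRF hash as the last URI segment of the link.
$token = $this->security->get_csrf_hash();
echo anchor('account/delete_private_message/'.$obj->pmID.'/'.$token,
            'delete message',
            array('onclick' => 'return confirm(\'Do you really want to delete this private message?\');',
                  'class'   => 'delete-message-button'));

// CONTROLLER: the extra URI segment arrives as the second argument.
function delete_private_message($pmID = '', $token = '')
{
    // get_csrf_hash() returns the value CodeIgniter stored in this visitor's
    // CSRF cookie; a link forged on another site cannot know it.
    // hash_equals() (PHP 5.6+) compares without a timing side channel.
    $expected = $this->security->get_csrf_hash();
    if ($token === '' || $expected === NULL || ! hash_equals($expected, $token))
    {
        $this->session->set_flashdata('status', 'Invalid or missing CSRF token');
        redirect('account/private_messages');
        return;
    }

    if ($this->account_model->delete_pm($pmID))
    {
        $this->session->set_flashdata('status', 'PM was deleted successfully');
    }
    else
    {
        $this->session->set_flashdata('status', 'Error');
    }
    redirect('account/private_messages');
}
```

Because a link like this puts the token in the URL (browser history, Referer header, server logs), the stricter alternative is to send the delete as a POST form built with `form_open()`, which inserts the hidden CSRF field and lets CodeIgniter verify it without any manual check.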