minor #5818 document old way of checking validity of CSRF token (snoek09)

This PR was squashed before being merged into the 2.3 branch (closes #5818).

Discussion
----------

document old way of checking validity of CSRF token

| Q             | A
| ------------- | ---
| Doc fix?      | yes
| New docs?     | yes
| Applies to    | all
| Fixed tickets | Related to #4668

Commits
-------

8257cc8 document old way of checking validity of CSRF token

Author: xabbuh

book/controller.rst

@@ -796,6 +796,24 @@ Just like when creating a controller for a route, the order of the arguments of
 order of the arguments, Symfony will still pass the correct value to each
 variable.
 
+Checking the Validity of a CSRF Token
+-------------------------------------
+
+Sometimes you want to use CSRF protection in an action where you don't want to use a
+Symfony form.
+
+If, for example, you're doing a DELETE action, you can use the
+:method:`Symfony\\Component\\Form\\Extension\\Csrf\\CsrfProvider\\CsrfProviderInterface::isCsrfTokenValid`
+method to check the CSRF token::
+
+    $csrf = $this->container->get('form.csrf_provider');
+    $intention = 'authenticate';
+    $token = $csrf->generateCsrfToken($intention);
+
+    if (!$csrf->isCsrfTokenValid($intention, $token)) {
+        // CSRF token invalid! Do something, like redirect with an error.
+    }
+
 Final Thoughts
 --------------