It checks for a form token in the request. This function is used in conjunction with \JHtml::_('form.token') or \JSession::getFormToken.
public function checkToken($method = 'post', $redirect = true)
{
$valid = \JSession::checkToken($method);
if (!$valid && $redirect)
{
$referrer = $this->input->server->getString('HTTP_REFERER');
if (!\JUri::isInternal($referrer))
{
$referrer = 'index.php';
}
$app = \JFactory::getApplication();
$app->enqueueMessage(\JText::_('JINVALID_TOKEN_NOTICE'), 'warning');
$app->redirect($referrer);
}
return $valid;
}