diff --git smackdown.js smackdown.js
index 8e03968..6017cfc 100644
--- smackdown.js
+++ smackdown.js
@@ -53,7 +53,7 @@
         var params = {'cid':nid, 'sid':sid};
         // post nid and context to smackdown/vote
         ajaxOptions = {
-          url: Drupal.settings.basePath + 'smackdown/vote',
+          url: Drupal.settings.basePath + 'smackdown/vote/' + Drupal.settings.smackdown.token,
           dataType: 'json',
           data: params,
           success: function(json) {
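Review bot: The token is concatenated into the request path on the new `url` line, so it ends up in web server and proxy access logs. The request method is also not visible here, and jQuery defaults to GET when no `type` is set, which would leave the vote a state-changing GET. Consider sending the token with the other parameters, e.g. `var params = {'cid':nid, 'sid':sid, 'token':Drupal.settings.smackdown.token};` together with `type: 'POST'`, and validating it server-side from the posted data. If the path form is kept, wrap the value in `encodeURIComponent()` so an unexpected character cannot change the route. The `ajaxOptions` object starts and ends outside the hunk, so a `type` setting may already exist.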
diff --git smackdown.module smackdown.module
index 5ebb014..323e9a0 100644
--- smackdown.module
+++ smackdown.module
@@ -30,7 +30,7 @@ function smackdown_perm() {
  * Implementation of hook_menu().
  */
 function smackdown_menu() {
-  $items['smackdown/vote'] = array(
+  $items['smackdown/vote/%smackdown_token'] = array(
     'page callback'     => 'smackdown_vote',
     'access arguments'  => array('vote on smackdowns'),
     'type'              => MENU_CALLBACK,
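Review bot: Putting the CSRF check behind the `%smackdown_token` loader means a bad or missing token is reported as "page not found" rather than "access denied", because a menu loader that returns FALSE makes the router treat the path as nonexistent. That is workable, but it separates the token check from the permission check on the `'access arguments'` line and makes failed votes harder to diagnose in logs. An access callback that checks both `user_access('vote on smackdowns')` and the token would keep the two decisions in one place and return a 403. The `$items` array continues outside the hunk, so any `'page arguments'` entry is not visible here.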
@@ -47,6 +47,13 @@ function smackdown_menu() {
 }
 
 /**
+ * Menu load function to do a token verification
+ */
+function smackdown_token_load($token) {
+  return drupal_valid_token($token, $_GET['sid']);
+}
+
+/**
  * Menu load function to verify the node is a smackdown
  */
 function smackdown_load($nid) {
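Review bot: `smackdown_token_load()` reads `$_GET['sid']` without checking that it is present, so a request without `sid` raises a PHP notice and validates the token against an empty value instead of failing early. Add `if (!isset($_GET['sid'])) { return FALSE; }` before the `drupal_valid_token()` call. Reading `$_GET` directly also ties the check to a query-string request; if the vote is ever sent as POST, this lookup has to change with it. The docblock should state that the token is bound to the smackdown node id and that `sid` must equal the `$node->nid` passed to `drupal_get_token()` in `smackdown_nodeapi()`, which is presumably the case but is not visible in this diff.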
@@ -121,6 +128,7 @@ function smackdown_nodeapi(&$node, $op) {
             'nid' => $node_array[$field_names[1]][0]['nid'],
           ),
           'location' => 'node/'. $node->nid .'/voting-results',
+          'token' => drupal_get_token($node->nid),
         ),
       );
       drupal_add_js($settings, 'setting');
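Review bot: The value added on the `'token'` line is derived from the current user's session, so it is only valid for the visitor whose page render produced it. If 'vote on smackdowns' can be granted to anonymous users and page caching is on, a cached page would likely serve a token that fails validation for everyone else; this should be confirmed and documented. A comment such as `// CSRF token bound to this node id; verified by smackdown_token_load().` would make the pairing with the loader explicit. The enclosing `smackdown_nodeapi()` body starts and ends outside the hunk.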
