Let you Controller
- generate access token
- store in session for later comparison
In your View
- declare the access token as JS variable
- send the token with each request
Back in your Controller
- validate HTTP_X_REQUESTED_WITH
- validate token
Check these security guidelines from OpenAjax.
Also, read the article on codinghorror.com Annie linked.