Question
Preventing Cross Site Request Forgery
We need to implement a way to prevent Cross Site Request Forgery, a.k.a. CSRF or XSRF. http://en.wikipedia.org/wiki/Cross-site_request_forgery
From what I've read, one way to tackle this (assuming one has no XSS vulnerabilities) is within every <form>, put a unique/unpredictable token and check this against a value that was saved into the user's session.
So for every page request that has a <form>:
1. Create a unique/unpredictable token. I'll be using SQL Server's NewID() since Coldfusion's CreateUUID() function is a little more predictable within a small timeframe.
2. Append this token to an array in the user's session. This array may have more than one token since a user may have multiple browser windows open. I may implement a timestamp on each token but that's undecided for now.
3. Write this token value as a hidden form field.
4. Check for the existence and value of the token form field within the array in the user's session for all POST requests. This can be done in Application.cfc/cfm.
5. Reject requests that do not have the token or which contain an invalid token.
This seems pretty straightforward. The problem is that we may have to do this for 300-500 forms on our site. Most are regular HTML but some are CFFORMs.
Is there any way, using CF or any third-party tool, to write this token into the form automatically at runtime? I found something called CSRFGuard http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project but I'm not sure how to integrate this with Coldfusion.
Thanks, and if you have any suggestions or comments please post.
Erik
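An added example (not from the original question) of steps 1-5 wired into Application.cfc: onRequest buffers each rendered page and appends a hidden csrfToken field after every opening <form> tag in the output (which also covers the <form> that CFFORM renders), and onRequestStart rejects any POST whose token is not in the session's list. It assumes createUUID() in place of the SQL Server NewID() call from the question, a field name of csrfToken, and a cap of 20 outstanding tokens per session; all three are choices made here, not part of the question.

```cfml
<cfcomponent output="false">
    <cfset this.name = "csrfDemo">
    <cfset this.sessionManagement = true>

    <cffunction name="onSessionStart" output="false">
        <!--- One list of outstanding tokens per session (step 2) --->
        <cfset session.csrfTokens = arrayNew(1)>
    </cffunction>

    <cffunction name="onRequestStart" output="true" returntype="boolean">
        <cfargument name="targetPage" type="string" required="true">
        <!--- Steps 4 and 5: every POST must carry a token this session issued --->
        <cfif cgi.request_method EQ "POST">
            <cfif NOT structKeyExists(form, "csrfToken")
                  OR NOT listFind(arrayToList(session.csrfTokens), form.csrfToken)>
                <cfheader statuscode="403" statustext="Forbidden">
                <cfoutput>Request rejected: missing or invalid CSRF token.</cfoutput>
                <cfreturn false>
            </cfif>
        </cfif>
        <cfreturn true>
    </cffunction>

    <cffunction name="onRequest" output="true">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var content = "">
        <cfset var token = "">
        <!--- Buffer the rendered page so its HTML can be rewritten (step 3) --->
        <cfsavecontent variable="content"><cfinclude template="#arguments.targetPage#"></cfsavecontent>
        <cfif findNoCase("<form", content)>
            <!--- Step 1: createUUID() is assumed here; the question would use SQL Server NewID() --->
            <cfset token = createUUID()>
            <cflock scope="session" type="exclusive" timeout="5">
                <cfset arrayAppend(session.csrfTokens, token)>
                <!--- Assumed cap of 20 tokens so a user with many windows open cannot grow the list forever --->
                <cfif arrayLen(session.csrfTokens) GT 20>
                    <cfset arrayDeleteAt(session.csrfTokens, 1)>
                </cfif>
            </cflock>
            <!--- Inject the hidden field right after each opening form tag --->
            <cfset content = reReplaceNoCase(content, "(<form[^>]*>)",
                "\1<input type=""hidden"" name=""csrfToken"" value=""#token#"">", "all")>
        </cfif>
        <cfoutput>#content#</cfoutput>
    </cffunction>
</cfcomponent>
```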
