Because form_authenticity_token is used to validate requests, is it redundant to use it when you're already checking whether a user is logged in?
I.e., is form_authenticity_token really intended only for forms which are available to anyone, as opposed to forms exclusively for logged-in users?
From stackoverflow
-
Being logged in would make an XSRF attack worse, because then it could actually damage real data. Check these out as a starting point.
-
No because in CSRF attacks requests are sent by the client's browser which is authenticated and may delete his data.
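To make both answers concrete, here is an added Ruby model of the check (it is not Rails' own implementation, and not code from the question or either answer). It contrasts a handler that only checks the session cookie with one that also verifies a session-bound token, using two constructed requests: one submitted from the site's own form, and one that a browser would send from another origin, where the session cookie is attached automatically but the token is not available. The class name `CsrfDemo`, the handler names `handle_login_only` / `handle_with_token`, and the request-hash shape are assumptions for the example. Real Rails additionally masks the per-request token and accepts it from the `X-CSRF-Token` header as well as the form field; that detail is left out here.

```ruby
require 'securerandom'

# Hypothetical minimal model of why form_authenticity_token is still needed
# when the user is logged in. Not Rails' real code.
class CsrfDemo
  def initialize
    @sessions = {}   # session_id => { user:, csrf_secret:, deleted: }
  end

  # Logging in creates a session (sent back as a cookie) and a CSRF secret
  # that lives only in that server-side session.
  def login(user)
    sid = SecureRandom.hex(16)
    @sessions[sid] = { user: user, csrf_secret: SecureRandom.hex(32), deleted: false }
    sid
  end

  # The value the server embeds in its own forms (analogue of
  # form_authenticity_token). Only a page served by this site can read it.
  def form_authenticity_token(sid)
    @sessions.fetch(sid)[:csrf_secret]
  end

  # Constant-time comparison so the token check does not leak via timing
  # (same idea as Rack::Utils.secure_compare).
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Look up the session named by the cookie the browser attached.
  def current_session(request)
    @sessions[request.dig(:cookies, :session_id)]
  end

  # Handler A: "the user is logged in, so the request must be theirs".
  # Any request carrying the cookie is accepted, whoever built the request.
  def handle_login_only(request)
    session = current_session(request)
    return :forbidden unless session
    session[:deleted] = true
    :deleted
  end

  # Handler B: logged in AND the request carries the token that only this
  # site's own pages could have read. A cross-site request has the cookie
  # (the browser adds it) but not the token, so it is rejected.
  def handle_with_token(request)
    session = current_session(request)
    return :forbidden unless session
    token = request.dig(:params, :authenticity_token).to_s
    return :forbidden unless secure_compare(token, session[:csrf_secret])
    session[:deleted] = true
    :deleted
  end

  def deleted?(sid)
    @sessions.fetch(sid)[:deleted]
  end
end

# Constructed walk-through (both requests carry the same session cookie).
if __FILE__ == $PROGRAM_NAME
  demo = CsrfDemo.new
  sid = demo.login('alice')
  own_form   = { cookies: { session_id: sid },
                 params:  { authenticity_token: demo.form_authenticity_token(sid) } }
  cross_site = { cookies: { session_id: sid }, params: {} }

  puts "login-only, cross-site request: #{demo.handle_login_only(cross_site)}"  # :deleted
  demo = CsrfDemo.new
  sid = demo.login('alice')
  cross_site[:cookies][:session_id] = sid
  puts "with token, cross-site request: #{demo.handle_with_token(cross_site)}"  # :forbidden
  own_form = { cookies: { session_id: sid },
               params:  { authenticity_token: demo.form_authenticity_token(sid) } }
  puts "with token, own form:           #{demo.handle_with_token(own_form)}"    # :deleted
end
```

The point the two answers make falls out of the model: being logged in is exactly what makes the cross-site request dangerous, because the cookie turns it into an authenticated request, and the token is what distinguishes a request the site's own page produced from one any other page caused the browser to send.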