I’ve become very accustomed to using Joomla’s JRequest class in custom Components. Since that class is now deprecated, I’m having to find new work-arounds, most involving the JInput class. Pretty much every form had been using JRequest::checkToken() to guard against CSRF attacks, like:

    if (!JRequest::checkToken())
        $this->setError('Invalid (or expired) request token.');

To get around using JRequest, I’m now using this:

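    $app = JFactory::getApplication();
    // The session's form token is used as the name of the hidden form field.
    $token = JSession::getFormToken();
    // Fail if there is no token, or no request value was submitted under that name.
    if (!$token || !$app->input->get($token, null, 'alnum'))
        $this->setError('Invalid (or expired) request token.');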

…which seems to work in pretty much the same way. In the old JRequest::checkToken() method, it was also redirecting to the login page if no session was detected, which I’m generally skipping.
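
An added example, not part of the original post and not Joomla's own code: a helper that keeps the JInput approach above but reads the token only from the POST data (JRequest::checkToken() checked POST by default, while $app->input reads the merged request data, query string included) and reports an expired session separately instead of redirecting. The function name checkFormToken and its return strings are hypothetical; it assumes it runs inside Joomla 2.5/3.x, where JFactory, JSession and JInput are already loaded.

```php
<?php
defined('_JEXEC') or die;

/**
 * Hypothetical helper (not a Joomla API): verify the CSRF form token.
 *
 * @param   string  $method  Input source to read the token from: 'post' or 'get'.
 *
 * @return  string  'ok', 'expired' (fresh session, so the old token is gone) or 'invalid'.
 */
function checkFormToken($method = 'post')
{
    // Accept only an explicit source; never fall back to the merged request data.
    if (!in_array($method, array('post', 'get'), true))
    {
        return 'invalid';
    }

    $app   = JFactory::getApplication();
    $token = JSession::getFormToken();

    // JHtml::_('form.token') emits a hidden field named after the token with value 1,
    // so a non-empty value under that name in the chosen source means the token matched.
    if ($token && $app->input->$method->get($token, '', 'alnum'))
    {
        return 'ok';
    }

    // A brand-new session means the previous one timed out: let the caller
    // decide whether to show a message or send the user to the login page.
    return JFactory::getSession()->isNew() ? 'expired' : 'invalid';
}

// Usage inside a model or controller method that handles a POSTed form:
//
//     $result = checkFormToken('post');
//     if ($result !== 'ok')
//     {
//         $this->setError('Invalid (or expired) request token.');
//         return false;
//     }
```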