enable (limited) bulk BibTeX upload when auto-save is disabled

Issue #2797 closed
Robert Jäschke created an issue

Can we support bulk upload of BibTeX without checking ckey such that sites can allow users to import more than one record in BibSonomy? When the records are stored automatically, this can't be enabled, since otherwise a CSRF attack is possible where a malicious site uploads content to the user's account without the user knowing it. But if the user has to acknowledge the posts beforehand, this should be possible.

Please check whether the condition can be relaxed such that when "edit before import" is enabled (and nothing is actually stored!) the user can edit uploaded posts even when no ckey is provided (in the first round).

If possible, limit the number of records/file size in such a case.
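The relaxed condition requested above, as an added sketch that is not BibSonomy's code: a request without a valid ckey is accepted only when "edit before import" is on, the upload is small, and nothing is stored, while the storing round always requires the ckey. The function names, the HMAC-based ckey construction and both limit values are assumptions made for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"   # constructed value for this example
MAX_RECORDS_NO_CKEY = 50              # assumed limit; the issue names none
MAX_BYTES_NO_CKEY = 256 * 1024        # assumed limit; the issue names none
# Citation keys of real entries; @comment, @string and @preamble are not records.
ENTRY = re.compile(r"@(?!(?:comment|string|preamble)\b)\w+\s*\{\s*([^,\s}]+)\s*,", re.I)
SAMPLE = "@article{a1, title={X}}\n@book{b2, title={Y}}\n"   # constructed input


def expected_ckey(session_id):
    """Anti-CSRF token bound to the session (assumed construction: HMAC-SHA256)."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def ckey_valid(session_id, ckey):
    if ckey is None:
        return False
    return hmac.compare_digest(expected_ckey(session_id).encode(), ckey.encode())


def handle_upload(session_id, bibtex, ckey, edit_before_import, store):
    """Round one. Returns (status, detail); only a valid ckey may write to store."""
    keys = ENTRY.findall(bibtex)
    if ckey_valid(session_id, ckey):
        if edit_before_import:
            return ("staged", keys)
        store.extend(keys)
        return ("stored", keys)
    # No valid ckey: the request may have been triggered by another site.
    if not edit_before_import:
        return ("rejected", "ckey required when posts are stored automatically")
    if len(bibtex.encode()) > MAX_BYTES_NO_CKEY or len(keys) > MAX_RECORDS_NO_CKEY:
        return ("rejected", "upload exceeds the limit for requests without ckey")
    return ("staged", keys)   # shown to the user for editing, nothing persisted


def confirm_import(session_id, ckey, staged, store):
    """Round two. Persisting the acknowledged posts always needs a valid ckey."""
    if not ckey_valid(session_id, ckey):
        return ("rejected", "ckey required to store posts")
    store.extend(staged)
    return ("stored", list(staged))
```

The edit form rendered after a staged upload would carry the ckey, so the user's own confirmation passes round two while a cross-site request cannot.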
