Edit: I realized I didn't mention the multitude of other ways to discourage CSRF including re-authentication, CAPTCHA, referrer checking, etc. This article deals only with the "secret token" approach to stopping CSRF.

CSRF (Cross-Site Request Forgery...