Topic starter
CSRF stands for Cross-Site Request Forgery. It’s a type of web security attack where a malicious site tricks a user’s browser into performing an unwanted action on another site where the user is already logged in.
CSRF exploits the fact that:
- Browsers automatically include cookies (like login sessions) with requests.
- Websites often trust those cookies without verifying the request source.
How websites prevent CSRF
Common protections include:
- CSRF tokens (most important): A unique, secret value included in forms that attackers can’t guess.
- SameSite cookies: Restricts cookies from being sent in cross-site requests.
- Checking headers like Origin or Referer
- Re-authentication for sensitive actions
CSRF is dangerous because it uses your own authenticated session against you—it doesn’t need to hack your password.
Posted : 07/05/2026 11:05 pm
