What is CSRF

Cross-site request forgery (CSRF or XSRF), also called a one-click attack or session riding, is a web vulnerability in which an attacker causes a victim's browser to send a state-changing request to a site where the victim is already authenticated. It works because the browser automatically attaches the cookies stored for the target site, including the session cookie, to requests sent to that site even when the request was triggered from a page on a different site, so the server cannot distinguish the forged request from one the user actually intended.
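To make the mechanism concrete, the following model is an added example (not code from the original page): a hypothetical bank with cookie-based sessions, a browser cookie jar that attaches cookies by destination site regardless of which page issued the request (the behaviour of a cookie without a SameSite restriction), and a transfer endpoint in two versions. The vulnerable version trusts the session cookie alone; the hardened version additionally checks the Origin header and a per-session synchronizer token. Origins, usernames, amounts and the server key are all constructed for the illustration.

```python
"""Model of a CSRF attack against cookie-based session authentication.

Added illustration. bank.example, evil.example, the users and the transfer
endpoint are hypothetical; the cookie jar models a cookie sent cross-site,
i.e. one without a SameSite restriction.
"""
import hmac
import secrets
from dataclasses import dataclass

SITE_ORIGIN = "https://bank.example"      # hypothetical target application
ATTACKER_ORIGIN = "https://evil.example"  # hypothetical page the victim visits
SERVER_KEY = secrets.token_bytes(32)      # per-process key for CSRF tokens


@dataclass
class Request:
    origin: str     # value of the Origin header the browser sends with a POST
    cookies: dict   # cookies the browser attached for the destination site
    form: dict      # submitted form fields


class CookieJar:
    """Browser cookie store: cookies are chosen by destination site only."""

    def __init__(self):
        self._jar = {}

    def set(self, site, name, value):
        self._jar.setdefault(site, {})[name] = value

    def for_site(self, site):
        return dict(self._jar.get(site, {}))


def browser_post(jar, page_origin, target_site, form):
    """A form POST from page_origin to target_site. The cookies for
    target_site are attached even when page_origin is a different site."""
    return Request(origin=page_origin, cookies=jar.for_site(target_site), form=form)


class Bank:
    def __init__(self):
        self.sessions = {}                       # session id -> username
        self.balances = {"alice": 100, "mallory": 0}

    def login(self, jar, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        jar.set(SITE_ORIGIN, "session", sid)     # Set-Cookie on the response
        return sid

    def csrf_token(self, sid):
        # Synchronizer token: derived from the session id with a server-side
        # key, so an attacker who cannot read the session cannot forge it.
        return hmac.new(SERVER_KEY, sid.encode(), "sha256").hexdigest()

    def _do_transfer(self, user, form):
        to, amount = form["to"], int(form["amount"])
        if to not in self.balances or amount <= 0 or self.balances[user] < amount:
            return 400
        self.balances[user] -= amount
        self.balances[to] += amount
        return 200

    def vulnerable_transfer(self, req):
        """Authenticates with the session cookie only: CSRF-able."""
        user = self.sessions.get(req.cookies.get("session"))
        if user is None:
            return 401
        return self._do_transfer(user, req.form)

    def hardened_transfer(self, req):
        """Same endpoint with an Origin check and a synchronizer token."""
        sid = req.cookies.get("session")
        user = self.sessions.get(sid)
        if user is None:
            return 401
        if req.origin != SITE_ORIGIN:            # request did not come from our pages
            return 403
        if not hmac.compare_digest(req.form.get("csrf", ""), self.csrf_token(sid)):
            return 403                           # token missing or wrong
        return self._do_transfer(user, req.form)


def run_attack(handler_name):
    """Victim logs in, then visits the attacker's page, which auto-submits a
    hidden transfer form to the bank. Returns (status, alice's balance)."""
    bank, jar = Bank(), CookieJar()
    bank.login(jar, "alice")
    forged = browser_post(jar, ATTACKER_ORIGIN, SITE_ORIGIN,
                          {"to": "mallory", "amount": "50"})
    status = getattr(bank, handler_name)(forged)
    return status, bank.balances["alice"]


def run_legit(handler_name):
    """The same transfer submitted from the bank's own page with its token."""
    bank, jar = Bank(), CookieJar()
    sid = bank.login(jar, "alice")
    form = {"to": "mallory", "amount": "50", "csrf": bank.csrf_token(sid)}
    status = getattr(bank, handler_name)(browser_post(jar, SITE_ORIGIN, SITE_ORIGIN, form))
    return status, bank.balances["alice"]


if __name__ == "__main__":
    print("forged, vulnerable:", run_attack("vulnerable_transfer"))  # (200, 50)
    print("forged, hardened:  ", run_attack("hardened_transfer"))    # (403, 100)
    print("legit, hardened:   ", run_legit("hardened_transfer"))     # (200, 50)
```

The forged request carries a valid session cookie, so the vulnerable handler accepts it and moves the victim's money; the hardened handler rejects it on the Origin header and again on the missing token, while the same transfer from the bank's own page still succeeds. Real browsers add two things the model leaves out: since 2020 most default cookies to SameSite=Lax, which withholds them on cross-site POSTs, and the Origin header is only guaranteed on cross-origin requests, so a server-side check must treat a missing header deliberately rather than by accident.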

How does CSRF Work

In this chapter we explore this vulnerability in depth. To do that, we first need to understand how session-based authentication works in a web application.