Cross-Site Request Forgery (CSRF) is an attack that
● executes an HTTP request (without the user's knowledge)
● from the user's browser (which holds a session token that automatically authenticates the user)
● to a web application (in which the user is currently authenticated).
Such an HTTP request carries the session token, which automatically authenticates the user.
The session token is sent because the request originates from the user's browser, which holds that token, and the browser attaches it regardless of which page triggered the request.
The web application then executes the command contained in the request, because it can see that the request came from an already authenticated user/browser.
What the web application cannot see is that the user never intended to issue that command.
A CSRF token is one way of preventing a CSRF attack.
A CSRF token is a random value generated by the web application and placed in a hidden field inside the form.
It is sent back to the web application when the user submits the form; the application checks it to confirm that the request came from a page it served itself (an attacker's page cannot read the token, so a forged request cannot include it).
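The check described above, as an added example that is not part of the original text: a minimal stand-in for a web application's server side (the class, route names and form fields are constructed for illustration) that issues a per-session CSRF token in a hidden field and rejects any form submission whose token is missing or does not match the session.

```python
import hmac
import re
import secrets


class CsrfProtectedApp:
    """Constructed stand-in for a web app: sessions keyed by cookie value."""

    def __init__(self):
        # session_id (the cookie the browser sends automatically) -> session data
        self.sessions = {}

    def login(self, user):
        session_id = secrets.token_urlsafe(32)
        # The CSRF token must be unpredictable and bound to this session only.
        self.sessions[session_id] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
        return session_id

    def render_transfer_form(self, session_id):
        """Page served to the authenticated user; the token rides in a hidden field."""
        token = self.sessions[session_id]["csrf_token"]
        return (
            '<form method="POST" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="to"><input name="amount"><button>Send</button></form>'
        )

    def handle_transfer(self, session_id, form):
        """Server-side handler: session cookie alone is NOT enough, token must match."""
        session = self.sessions.get(session_id)
        if session is None:
            return 401, "not authenticated"
        submitted = form.get("csrf_token", "")
        # Constant-time comparison so the check does not leak the token byte by byte.
        if not hmac.compare_digest(submitted, session["csrf_token"]):
            return 403, "CSRF token missing or invalid"
        return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


def extract_hidden_token(html):
    """Simulates the browser submitting the hidden field from the page it loaded."""
    match = re.search(r'name="csrf_token" value="([^"]+)"', html)
    return match.group(1) if match else ""


if __name__ == "__main__":
    app = CsrfProtectedApp()
    sid = app.login("alice")
    token = extract_hidden_token(app.render_transfer_form(sid))
    print(app.handle_transfer(sid, {"csrf_token": token, "to": "bob", "amount": "10"}))
    # A request forged from another site carries the cookie but cannot know the token.
    print(app.handle_transfer(sid, {"to": "mallory", "amount": "1000"}))
```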