What is CSRF?
CSRF (Cross-Site Request Forgery), also known as XSRF, is a type of exploit. CSRF works by exploiting the trust that a site has in a user's browser: if the user is logged into the site and holds a valid login cookie, the attacker tricks the user into loading a page in the browser that makes a request to the site, and the browser attaches the cookie to that request so the site treats it as the user's own action.
How to perform a CSRF attack?
How to prevent CSRF in my applications?
> Limit the lifetime of session cookies
> Require an unpredictable, randomly generated, hashed, time-limited token that is unique per user session in all state-changing requests
> Require the user to re-authenticate before performing any sensitive operation, such as a password change
> Check the HTTP Referer header
> Use POST requests instead of GET requests
You must apply all of the above to protect your application, not just one of them.
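The following is an added example, not code from the original article, showing how the token, header and method checks above fit together on the server side. It assumes a hypothetical session id supplied by the application's session layer, a server-side secret loaded from configuration (generated at import time here only for the sake of a self-contained demo), and a 15-minute token lifetime; the token is an HMAC over the session id and issue time, so it is unpredictable, bound to one session, and expires without any server-side storage.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional
from urllib.parse import urlparse

# Constructed for this example: in a real deployment load the secret from
# configuration so it survives restarts and is shared across workers.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_LIFETIME = 15 * 60  # seconds a token stays valid (assumed policy)


def new_session_id() -> str:
    """Hypothetical session id generator; a real app's session layer supplies this."""
    return secrets.token_urlsafe(32)


def issue_csrf_token(session_id: str, now: Optional[float] = None) -> str:
    """Return 'issued_at.mac', an HMAC binding the issue time to this session."""
    issued_at = int(now if now is not None else time.time())
    msg = f"{session_id}:{issued_at}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{issued_at}.{mac}"


def verify_csrf_token(token: str, session_id: str, now: Optional[float] = None) -> bool:
    """Accept only a well-formed, unexpired token whose MAC matches this session."""
    try:
        issued_str, mac = token.split(".", 1)
        issued_at = int(issued_str)
    except ValueError:
        return False  # malformed token
    current = now if now is not None else time.time()
    if issued_at > current or current - issued_at > TOKEN_LIFETIME:
        return False  # issued in the future or past its lifetime
    expected = hmac.new(
        SERVER_SECRET, f"{session_id}:{issued_at}".encode(), hashlib.sha256
    ).hexdigest()
    # Constant-time comparison so a forged MAC cannot be guessed byte by byte.
    return hmac.compare_digest(mac, expected)


def same_origin(header_value: Optional[str], expected_host: str) -> bool:
    """Referer/Origin check: the header must be present and name our own host over https."""
    if not header_value:
        return False  # a missing header is rejected rather than trusted
    parsed = urlparse(header_value)
    return parsed.scheme == "https" and parsed.netloc == expected_host


def is_request_allowed(
    method: str,
    headers: Dict[str, str],
    form: Dict[str, str],
    session_id: str,
    site_host: str,
    now: Optional[float] = None,
) -> bool:
    """Gate a state-changing request: POST only, same-origin header, valid token."""
    if method.upper() != "POST":
        return False
    # Prefer Origin; fall back to Referer as the article suggests.
    source = headers.get("Origin") or headers.get("Referer")
    if not same_origin(source, site_host):
        return False
    return verify_csrf_token(form.get("csrf_token", ""), session_id, now)


if __name__ == "__main__":
    sid = new_session_id()
    tok = issue_csrf_token(sid)
    # Constructed request from our own page: should pass.
    print(is_request_allowed("POST", {"Origin": "https://bank.example"},
                             {"csrf_token": tok}, sid, "bank.example"))
    # Constructed request carrying another site's Origin: should fail.
    print(is_request_allowed("POST", {"Origin": "https://other.example"},
                             {"csrf_token": tok}, sid, "bank.example"))
```

Because the token is derived from the session id, a token stolen or guessed for one session is useless for another, and because the issue time is part of the MAC, an attacker cannot extend a token's lifetime by editing the timestamp. The header check is a second layer on top of the token, matching the article's advice to combine all the measures rather than rely on one.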