
Prevent CSRF

22 Controls
Preventing Cross-Site Request Forgery (CSRF)

CSRF tricks a logged-on victim's browser into sending a forged HTTP request, carrying the victim's session cookies, to a site where the victim is authenticated.

  • Implement anti-CSRF state tokens (Synchronizer Token Pattern)
  • Set the SameSite=Lax or SameSite=Strict attribute on session cookies
  • Require re-authentication for highly sensitive actions
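One way to implement the first two controls together, as an added example that is not Iron Codex's own code: a server-side session store, a per-session synchronizer token that is checked in constant time on every state-changing request, and a session cookie issued with SameSite=Lax plus Secure and HttpOnly. The session store and the handler and function names are assumptions made for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Optional, Tuple

# Server-side session store, constructed for this example; a real
# application would use its framework's session backend.
SESSIONS: dict = {}


def create_session() -> str:
    """Create a session and mint one CSRF token bound to it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"csrf_token": secrets.token_urlsafe(32)}
    return session_id


def session_cookie_header(session_id: str) -> str:
    """Build the Set-Cookie value for the session cookie.

    SameSite=Lax keeps the browser from attaching the cookie to cross-site
    POSTs; Secure and HttpOnly harden it further.
    """
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["secure"] = True
    cookie["session"]["httponly"] = True
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def csrf_token_for(session_id: str) -> str:
    """Token to embed in the form as a hidden field (Synchronizer Token Pattern)."""
    return SESSIONS[session_id]["csrf_token"]


def handle_post(session_id: Optional[str], form: dict) -> Tuple[int, str]:
    """State-changing handler: reject unless the submitted token matches the
    one stored for this session. Returns (status, message)."""
    if session_id is None or session_id not in SESSIONS:
        return 401, "no valid session"
    submitted = form.get("csrf_token", "")
    expected = SESSIONS[session_id]["csrf_token"]
    # Constant-time comparison so the check does not leak the token via timing.
    if not submitted or not hmac.compare_digest(submitted, expected):
        return 403, "CSRF token missing or invalid"
    return 200, "action performed"
```

The token check and the SameSite attribute are complementary: the cookie attribute blocks most cross-site submissions at the browser, and the token catches requests that still arrive with the cookie.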