Thursday, March 21, 2013

Cross-Site Request Forgery

A browser sends a site's cookies with every request to that site, regardless of where the request comes from. Coupled with the fact that a web server cannot distinguish a request made by the user from one made by the browser, this allows an attacker to potentially fool the server into performing actions the user did not intend. This is known as cross-site request forgery (XSRF). For more information about XSRF, please follow the link to the official OWASP site.
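The following is an added example, not code from the original post: a small Python model of the behaviour described above, showing that a handler trusting the session cookie alone treats a same-site and a cross-site request identically, while a handler that also checks a per-session anti-forgery token (a common defence the post does not cover) can tell them apart. All names (`login`, `browser_request`, `handle_cookie_only`, `handle_with_token`, the `sid` and `csrf` fields) and the sample requests are assumptions constructed for illustration.

```python
import hmac
import secrets

SESSIONS = {}  # session id -> {"user": ..., "csrf": ...} (constructed in-memory store)

def login(user):
    """Create a session; return the cookie value and the per-session token."""
    sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": token}
    return sid, token

def browser_request(cookie_jar, form):
    """Model the browser: the site's cookies ride along with every request
    to the site, no matter which page supplied the form fields."""
    return {"cookies": dict(cookie_jar), "form": dict(form)}

def handle_cookie_only(req):
    """Trusts the session cookie alone, so it cannot tell who built the form."""
    session = SESSIONS.get(req["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    return "200 email for %s set to %s" % (session["user"], req["form"].get("email"))

def handle_with_token(req):
    """Also requires the token that only the site's own pages can embed."""
    session = SESSIONS.get(req["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    sent = req["form"].get("csrf", "")
    if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
        return "403 anti-forgery token missing or wrong"
    return "200 email for %s set to %s" % (session["user"], req["form"].get("email"))

def demo():
    """Run one same-site and one cross-site request through both handlers."""
    sid, token = login("alice")
    jar = {"sid": sid}
    # Constructed sample requests: the site's own form carries the token,
    # a form on another origin cannot read it and so arrives without one.
    own = browser_request(jar, {"email": "alice@example.test", "csrf": token})
    foreign = browser_request(jar, {"email": "other@example.test"})
    return {
        "cookie_only/own": handle_cookie_only(own),
        "cookie_only/foreign": handle_cookie_only(foreign),
        "token/own": handle_with_token(own),
        "token/foreign": handle_with_token(foreign),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```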
