Robust Defenses for Cross Site Request Forgery

Cross-Site Request Forgery (CSRF) is a widely exploited web site vulnerability. In this paper, we present a new vari- ation on CSRF attacks, login CSRF, in which the attacker forges a cross-site request to the login form, logging the vic- tim into the honest web site as the attacker. The severity of