Cross Site Request Forgery :: Primer
HTTP is stateless: the server does not know how one request relates to the next (discussed further in Sessions).
How a web browser views a page:
User types a URL, and the browser retrieves the [entry point] HTML for the page.
GET /index.html HTTP/1.1
Browser parses HTML
<html><body>
Here is a picture of me:
<img src="hackergotchi.png"></img></body>
The browser sends a request for each additional file the page requires.
GET /hackergotchi.png HTTP/1.1
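The page-load sequence above, as an added example that is not part of the original primer: it parses a page and lists the request lines a browser would send without any further user action. The host example.test, the function and class names, and the limited tag list are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src attribute a browser fetches on its own while rendering.
# Illustrative subset, not a complete list.
AUTO_FETCH_TAGS = {"img", "script", "iframe"}


class SubresourceCollector(HTMLParser):
    """Collects the absolute URL of every automatically fetched file."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag not in AUTO_FETCH_TAGS:
            return
        for name, value in attrs:
            if name == "src" and value:
                # Relative references resolve against the page's own URL.
                self.urls.append(urljoin(self.page_url, value))


def request_lines(page_url, html):
    """Return (host, request line) for the page and each file it pulls in."""
    collector = SubresourceCollector(page_url)
    collector.feed(html)
    result = []
    for url in [page_url] + collector.urls:
        parts = urlsplit(url)
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        result.append((parts.netloc, f"GET {path} HTTP/1.1"))
    return result


# The page from the primer, served from a constructed host.
PAGE_URL = "http://example.test/index.html"
PAGE_HTML = """<html><body>
Here is a picture of me:
<img src="hackergotchi.png"></img></body>"""

if __name__ == "__main__":
    for host, line in request_lines(PAGE_URL, PAGE_HTML):
        print(f"{host}: {line}")
```

The user asked only for index.html; the second request is issued by the browser because the markup told it to.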