Watch this video on YouTube
What is the root cause of a successful cross-site request forgery (XSRF) attack against an application?