A practitioner's breakdown of the CSRF attack: how the forged request works, two documented exploits, a manual test, and the ...