note Anonymous Monk <p><i>I don't know if this prevents all XSRF vectors, but it seems pretty secure. </i><p> It prevents zero [wikipedia://XSRF] vectors because XSRF is <i> session riding </i> , the request comes from the users browser, using the existing session cookie 994418 994542 1