In the era of RESTful services and rich internet applications, it's important to find security solutions that don't impose unnecessary state or computation on servers. I previously wrote a post on stateless session IDs. Let's have a look at how we can protect against cross-site request forgeries (CSRF) without server-side state.

CSRF Basics

Forged requests are nasty attacks. They rely on the fact t