PHP Prime : Doc : Security : Csrf

Cross Site Request Forgery

Otherwise known as CSRF.

This is handled automatically by the form helper.

It can also effect links, so never perform an action based on a simple link, e.g. to "delete" something. This can also be a problem if the browser pre-fetches the page.

However, while having a simple link to "logout" is also vulnerable (used as a denial of service attack for the user), the risk of the logout link not working due to a CSRF check is potentially even worse.