Friday, March 28, 2014

CSRF - What it means to you!!

Here's a great summary of what can and can't happen with CSRF (cross-site request forgery):

  1. http://www.playframework.com/documentation/2.2.x/JavaCsrf
  2. And how to prevent it: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

It's not as hard to protect against as it seems, and it's absolutely worth doing.
