The Cross-site request forgery, also known as one-click attack or session riding (sometimes pronounced sea-surf), is a type of malicious exploit of a website or web application where unauthorized commands are submitted from a user that the web application trusts.

May also be known as XSRF.