One way that your website might be vulnerable to an attack is via a Cross-Site Request Forgery (CSRF or XSRF).
If you’ve ever been logged into a website — say Twitter, for example — and you open a separate tab and type in a Twitter account, for example, this Twitter feed: https://www.twitter.com/paul_michaels. You’ll notice that when the site opens, it opens already logged in for you, which can be very helpful. Imagine having to log in every single time that you wanted to view a Tweet or a profile.
DZone Security Zone