For an explanation of what CSRF is, see the details here: http://en.wikipedia.org/wiki/Cross-site_request_forgery
How do you turn on CSRF validation in Yii? It is very easy to do.
Just add this to main.php
After that, whenever you send a request to the server, you have to provide the YII_CSRF_TOKEN (the browser will do this for us when we click a link); otherwise, you will get this message
When you post a form and do not use CActiveForm or one of its child classes, you have to provide a hidden field to store the YII_CSRF_TOKEN.
If you use CActiveForm or one of its child classes, you use the same code whether enableCsrfValidation is set to true or false.
Yii will know how to do it!
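As an added illustration (not code from the original post), here are the two pieces described above for a Yii 1.x application: the `request` component setting in main.php and the hidden token field for a hand-written form. The file paths, the `site/feedback` route and the `message` field are assumptions made for the example.

```php
<?php
// ---- file 1: protected/config/main.php (assumed path; other settings omitted) ----
return array(
    'components' => array(
        'request' => array(
            // CHttpRequest now checks the token on POST requests and
            // rejects the request when it is missing or does not match.
            'enableCsrfValidation' => true,
        ),
    ),
);
?>

<?php // ---- file 2: protected/views/site/feedback.php (hypothetical view) ---- ?>
<?php $request = Yii::app()->request; ?>

<!-- Hand-written form: the token field has to be added manually. -->
<form method="post" action="<?php echo CHtml::normalizeUrl(array('site/feedback')); ?>">
    <!-- csrfTokenName defaults to YII_CSRF_TOKEN; csrfToken is the value
         Yii compares against the token cookie when the form is posted. -->
    <input type="hidden"
           name="<?php echo CHtml::encode($request->csrfTokenName); ?>"
           value="<?php echo CHtml::encode($request->csrfToken); ?>" />
    <textarea name="message"></textarea>
    <input type="submit" value="Send" />
</form>

<?php
// Same form through CActiveForm: no token code is needed, because the
// widget emits the hidden field itself when enableCsrfValidation is true.
$form = $this->beginWidget('CActiveForm', array(
    'action' => array('site/feedback'),
));
echo CHtml::textArea('message');
echo CHtml::submitButton('Send');
$this->endWidget();
```

Reading the field name from `csrfTokenName` rather than hard-coding YII_CSRF_TOKEN keeps the hand-written form working if the token name is changed in the config.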
Have fun with Yii! :)