Preventing Cross-Site Request Forgery (CSRF)

Details are here: http://en.wikipedia.org/wiki/Cross-site_request_forgery

My Suggestions:
1. Always check the HTTP Referer header before accepting a form submission. Is the Referer the same as expected? It is fine if no Referer value is available.
2. Do not allow sensitive actions without tokens in the URLs. Tokens must be authenticated, i.e. user-specific so that no one else can use them, and they must change on each sensitive request. This prevents CSRF attacks that use the "URL to sensitive action" as the src of an image.
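
A sketch of both suggestions as server-side checks. This is an added example, not code from the original post; `SERVER_KEY`, `EXPECTED_HOST`, the in-memory `_pending` store and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the server
EXPECTED_HOST = "app.example.test"    # constructed sample host
_pending = {}                         # session id -> nonce of the one valid token


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id):
    """Create a fresh token bound to this session; it replaces any earlier one."""
    nonce = secrets.token_hex(16)
    _pending[session_id] = nonce
    return f"{nonce}.{_mac(session_id, nonce)}"


def referer_ok(referer):
    """Suggestion 1: a missing Referer is accepted, an unexpected one is not."""
    if not referer:
        return True
    try:
        return urlsplit(referer).hostname == EXPECTED_HOST
    except ValueError:  # malformed header value
        return False


def token_ok(session_id, token):
    """Suggestion 2: the token must belong to this user and works only once."""
    nonce, _, mac_hex = (token or "").partition(".")
    expected = _mac(session_id, nonce)
    if not hmac.compare_digest(mac_hex.encode(), expected.encode()):
        return False  # forged, or issued to a different session
    if _pending.get(session_id) != nonce:
        return False  # already used, or superseded by a newer token
    del _pending[session_id]  # consume it, so the next request needs a new token
    return True


def allow_sensitive_action(session_id, referer, token):
    return referer_ok(referer) and token_ok(session_id, token)
```

A request triggered from another site through an image `src` carries the victim's cookies but not a valid token for the current request, so `allow_sensitive_action` rejects it.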