I don't understand how using a 'challenge token' would add any sort of prevention: what value should be compared with what?
From OWASP:
In gen
The attacker has no way to get the token. Therefore the requests won't have any effect.
I recommend this post from Gnucitizen. It has a pretty decent CSRF explanation: http://www.gnucitizen.org/blog/csrf-demystified/
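To make the comparison concrete, here is an added example (not from OWASP, Gnucitizen or the answer above) of the minimal server-side logic: a random token is stored in the user's session and echoed into the form as a hidden field; on submission, the field value is compared with the session copy. The `session`/`form` dicts stand in for whatever your framework uses.

```python
import secrets
import hmac

SESSION_KEY = "csrf_token"  # name of the server-side session slot (our choice)


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) the per-session secret the server later compares against.
    It lives only in the server-side session and in pages served to that user."""
    token = session.get(SESSION_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)  # 256 random bits: unguessable
        session[SESSION_KEY] = token
    return token


def render_form(session: dict) -> str:
    """Embed the token as a hidden field; a page on another origin cannot read it."""
    token = issue_csrf_token(session)
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><button>Send</button></form>'
    )


def verify_csrf(session: dict, form: dict) -> bool:
    """The comparison the question asks about: submitted field vs. session copy.
    compare_digest keeps the check constant-time so the token cannot leak via timing."""
    expected = session.get(SESSION_KEY)
    submitted = form.get("csrf_token")
    if not expected or not submitted:
        return False  # no token issued, or request did not carry one
    return hmac.compare_digest(expected, submitted)


def handle_transfer(session: dict, form: dict) -> str:
    """State-changing handler: reject anything that fails the token check."""
    if not verify_csrf(session, form):
        return "403 Forbidden: missing or invalid CSRF token"
    return f"200 OK: transferred {form.get('amount')}"
```

A request triggered from a third-party page arrives with the victim's session cookie but without the matching field, so it is rejected before any state changes.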