A Cross-Site Request Forgery (CSRF) token is an unpredictable, randomly generated string that the server issues to the client side (frontend) of a web application, usually as a hidden field in each form it renders. When the user submits the form, the frontend sends the token back, and the server checks it against the value it issued for that user's session. The goal is to ensure that a form submission came from a page the application itself served to that user, not from a request forged by another site.
The token typically has an expiry time, and a new one is generated each time the user revisits the page.
Use Cases and Examples
As mentioned above, the main goal of this token is to ensure that the user who originally requested the form, through the application's own page, is the one submitting the data later on, rather than a third-party site acting in that user's name.
Once a user is logged into an application, their browser attaches the session cookie to every request to that site, including requests triggered by a page the attacker controls (a hidden form that auto-submits, for example). Without a token, the attacker can therefore submit data on that user's behalf without ever stealing the session. With the token in place, the attacker's page cannot read the token (the browser's same-origin policy prevents it), so the forged request arrives without a valid token and is rejected. Likewise, even if the user has a live session but the token has expired, the server will not accept the submission.
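The following is an added example, not code from the original article, showing the synchronizer-token pattern described above in Python: the server generates a random token when it renders the form, stores it in the user's session, and on submission compares the returned value in constant time and checks its age. The in-memory session store, the 15-minute expiry window, the hypothetical `/transfer` form and the simulated cross-site request are all assumptions made for the example.

```python
import hmac
import secrets
import time

# Assumed expiry window for a token (15 minutes); real apps pick their own.
TOKEN_TTL_SECONDS = 15 * 60

# Hypothetical in-memory session store: session_id -> session data.
# A real app would keep this in its session backend (Redis, DB, signed cookie).
SESSIONS = {}


def new_session(user="alice"):
    """Simulate login: create a server-side session and return its id (the cookie value)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": None, "csrf_issued": 0.0}
    return sid


def issue_csrf_token(session_id, now=None):
    """Server side: generate a fresh, unpredictable token and bind it to the session."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
    sess = SESSIONS[session_id]
    sess["csrf"] = token
    sess["csrf_issued"] = now
    return token


def render_form(session_id, now=None):
    """Render the hypothetical /transfer form with the token as a hidden field.
    A new token is issued every time the page is rendered."""
    token = issue_csrf_token(session_id, now)
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><button>Send</button></form>'
    )


def verify_csrf(session_id, submitted_token, now=None):
    """Return True only if the submitted token matches the one stored for this
    session and has not expired. Uses a constant-time comparison so an attacker
    cannot learn the token byte by byte from response timing."""
    now = time.time() if now is None else now
    sess = SESSIONS.get(session_id)
    if sess is None or sess["csrf"] is None or submitted_token is None:
        return False
    if now - sess["csrf_issued"] > TOKEN_TTL_SECONDS:
        return False  # live session, but the token is too old
    return hmac.compare_digest(sess["csrf"].encode(), submitted_token.encode())


def handle_post(session_id, form_fields, now=None):
    """Server-side handler for POST /transfer. Returns (status, message)."""
    if not verify_csrf(session_id, form_fields.get("csrf_token"), now):
        return 403, "CSRF token missing, expired or invalid"
    return 200, f"transfer of {form_fields.get('amount')} accepted"


def cross_site_post(session_id, now=None):
    """Simulate a request forged from an attacker's page: the browser attaches the
    victim's session cookie automatically, but the attacker's page cannot read the
    token out of the application's form, so the request carries none."""
    forged_fields = {"amount": "1000", "to": "attacker"}   # constructed attacker data
    return handle_post(session_id, forged_fields, now)


if __name__ == "__main__":
    sid = new_session()
    html = render_form(sid)
    token = SESSIONS[sid]["csrf"]
    print("legit submission:", handle_post(sid, {"csrf_token": token, "amount": "100"}))
    print("forged submission:", cross_site_post(sid))
    print("expired token:", handle_post(sid, {"csrf_token": token, "amount": "100"},
                                        now=SESSIONS[sid]["csrf_issued"] + TOKEN_TTL_SECONDS + 1))
```

The important design choices are that the token is bound to the session on the server (a token from one session is not valid for another), that the comparison uses `hmac.compare_digest` rather than `==`, and that the token is carried in the form body rather than in a cookie, since anything the browser sends automatically would also be sent with the forged request.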
CSRF tokens are mostly used with HTML forms. Other kinds of tokens serve related but different purposes and have different implementations; for example, JWTs are mostly used to authenticate API requests. An API that reads a JWT from an Authorization header rather than from a cookie is not automatically exposed to CSRF, because the browser does not attach that header to cross-site requests on its own.