Good thought. The "double-submitted cookie" technique does exactly that.

		ww520 on June 18, 2011 \| parent \| context \| favorite \| on: JSON users: Avoid CSRFs by not using top-level arr... Good thought. The "double-submitted cookie" technique does exactly that.