There are several types of authentication, each with its own pros and cons:

Cross-Site Request Forgery (CSRF)[pronounced see-surf] is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

Cross-site Scripting attack is a type of injection which is possible whenever a web application accepts an input from users without validating or encoding the input. For example if I enter scriptalert(0)/script in the search field of a website and the website is not encoding the special characters like or , then this script will be injected in raw format in the HTML and browser will execute it and diplay an alert box.