Revisit CSRF page

Closes gh-13089

Author: Steve Riesenberg

docs/modules/ROOT/assets/images/servlet/exploits/csrf-processing.odg

@@ -403,6 +403,6 @@ Once you have logout configured you can test it using xref:servlet/test/mockmvc/
 - xref:servlet/test/mockmvc/logout.adoc#test-logout[Testing Logout]
 - xref:servlet/integrations/servlet-api.adoc#servletapi-logout[HttpServletRequest.logout()]
 - xref:servlet/authentication/rememberme.adoc#remember-me-impls[Remember-Me Interfaces and Implementations]
-- xref:servlet/exploits/csrf.adoc#servlet-considerations-csrf-logout[Logging Out] in section CSRF Caveats
+- xref:servlet/exploits/csrf.adoc#csrf-considerations-logout[Logging Out] in section CSRF Caveats
 - Section xref:servlet/authentication/cas.adoc#cas-singlelogout[Single Logout] (CAS protocol)
 - Documentation for the xref:servlet/appendix/namespace/http.adoc#nsa-logout[logout element] in the Spring Security XML Namespace section

docs/modules/ROOT/assets/images/servlet/exploits/csrf-processing.png

@@ -183,7 +183,7 @@ The following https://www.thymeleaf.org/[Thymeleaf] template produces an HTML lo
 There are a few key points about the default HTML form:
 
 * The form should perform a `post` to `/login`.
-* The form needs to include a xref:servlet/exploits/csrf.adoc#servlet-csrf[CSRF Token], which is xref:servlet/exploits/csrf.adoc#servlet-csrf-include-form-auto[automatically included] by Thymeleaf.
+* The form needs to include a xref:servlet/exploits/csrf.adoc#servlet-csrf[CSRF Token], which is xref:servlet/exploits/csrf.adoc#csrf-integration-form[automatically included] by Thymeleaf.
 * The form should specify the username in a parameter named `username`.
 * The form should specify the password in a parameter named `password`.
 * If the HTTP parameter named `error` is found, it indicates the user failed to provide a valid username or password.