This document proposes a client server mutual authentication technique to prevent CSRF (cross-site request forgery) attacks. It separates the identification and authentication steps. When a user logs in, the server provides an encoded authentication token to the user in the form of an image. To complete sensitive requests, the server asks the user to select the correct token from multiple images to verify their identity. Encoding the tokens with base64 encoding improves security. The technique was tested and found to prevent CSRF attacks made through POST or GET requests using JavaScript or HTML tags by requiring the valid token for each request. This provides better protection against CSRF attacks compared to existing solutions.