Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -rfea3637199c74851ed7a8fa620da1ccb898be819 -rf90d546554d75ad8f1058e5d47733d5703f1f411
--- lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision fea3637199c74851ed7a8fa620da1ccb898be819)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision f90d546554d75ad8f1058e5d47733d5703f1f411)
@@ -65,6 +65,7 @@
 
 org.owasp.csrfguard.protected.scratchieDefineLater=/lams/tool/lascrt11/authoring/definelater.do
 org.owasp.csrfguard.protected.scratchieSubmissionDeadline=/lams/tool/lascrt11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.scratchieSaveUserMark=/lams/tool/lascrt11/monitoring/saveUserMark.do
 
 org.owasp.csrfguard.protected.spreadsheetDefineLater=/lams/tool/lasprd10/authoring/definelater.do
 
Index: lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/MonitoringController.java
===================================================================
diff -u -r1beaa4cc5e224dd433297d543c5511234c0bfc10 -rf90d546554d75ad8f1058e5d47733d5703f1f411
--- lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/MonitoringController.java	(.../MonitoringController.java)	(revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
+++ lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/MonitoringController.java	(.../MonitoringController.java)	(revision f90d546554d75ad8f1058e5d47733d5703f1f411)
@@ -165,7 +165,7 @@
 	return "pages/monitoring/parts/itemSummary";
     }
 
-    @RequestMapping("/saveUserMark")
+    @RequestMapping(path = "/saveUserMark", method = RequestMethod.POST)
     private String saveUserMark(HttpServletRequest request) {
 
 	if ((request.getParameter(ScratchieConstants.PARAM_NOT_A_NUMBER) == null)
Index: lams_tool_scratchie/web/pages/monitoring/summary.jsp
===================================================================
diff -u -r1beaa4cc5e224dd433297d543c5511234c0bfc10 -rf90d546554d75ad8f1058e5d47733d5703f1f411
--- lams_tool_scratchie/web/pages/monitoring/summary.jsp	(.../summary.jsp)	(revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
+++ lams_tool_scratchie/web/pages/monitoring/summary.jsp	(.../summary.jsp)	(revision f90d546554d75ad8f1058e5d47733d5703f1f411)
@@ -74,7 +74,7 @@
 					launchPopup(userSummaryUrl, "MonitoringReview");		
 			  	},
 			   	// caption: "${summary.sessionName}",
-				cellurl: '<c:url value="/monitoring/saveUserMark.do"/>',
+				cellurl: '<c:url value="/monitoring/saveUserMark.do"/>?<csrf:token/>',
   				cellEdit: true,
   				afterEditCell: function (rowid,name,val,iRow,iCol){
   					oldValue = eval(val);