
Backport "Revisit CSRF page" to 6.0.x

(cherry picked from commit e7fa34008b01b2ec56b08bb94c131d4bfbd313a1)

Closes gh-13910
Steve Riesenberg 2 years ago
Parent
Current commit
7d5a541a7b

Binary
docs/modules/ROOT/assets/images/servlet/exploits/csrf-processing.odg


Binary
docs/modules/ROOT/assets/images/servlet/exploits/csrf-processing.png


Binary
docs/modules/ROOT/assets/images/servlet/exploits/csrf.odg


Binary
docs/modules/ROOT/assets/images/servlet/exploits/csrf.png


+ 1 - 1
docs/modules/ROOT/pages/servlet/authentication/logout.adoc

@@ -150,5 +150,5 @@ If not configured, a status code 200 is returned by default.
 - xref:servlet/test/mockmvc/logout.adoc#test-logout[Testing Logout]
 - xref:servlet/integrations/servlet-api.adoc#servletapi-logout[`HttpServletRequest.logout()`]
 - xref:servlet/authentication/rememberme.adoc#remember-me-impls[Remember-Me Interfaces and Implementations]
-- xref:servlet/exploits/csrf.adoc#servlet-considerations-csrf-logout[Logging Out] in section CSRF Caveats
+- xref:servlet/exploits/csrf.adoc#csrf-considerations-logout[Logging Out] in section CSRF Caveats
 - Documentation for the xref:servlet/appendix/namespace/http.adoc#nsa-logout[logout element] in the Spring Security XML Namespace section
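Review bot: the renamed anchor `csrf-considerations-logout` only resolves if the rewritten `csrf.adoc` (whose diff is too large to show here) defines it; since the old id `servlet-considerations-csrf-logout` is dropped rather than aliased, please confirm the Antora build reports no unresolved xref for this line, or keep an `[[servlet-considerations-csrf-logout]]` alias in `csrf.adoc` so existing deep links into the 6.0.x docs keep working.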

+ 1 - 1
docs/modules/ROOT/pages/servlet/authentication/passwords/form.adoc

@@ -188,7 +188,7 @@ The following https://www.thymeleaf.org/[Thymeleaf] template produces an HTML lo
 There are a few key points about the default HTML form:
 
 * The form should perform a `post` to `/login`.
-* The form needs to include a xref:servlet/exploits/csrf.adoc#servlet-csrf[CSRF Token], which is xref:servlet/exploits/csrf.adoc#servlet-csrf-include-form-auto[automatically included] by Thymeleaf.
+* The form needs to include a xref:servlet/exploits/csrf.adoc#servlet-csrf[CSRF Token], which is xref:servlet/exploits/csrf.adoc#csrf-integration-form[automatically included] by Thymeleaf.
 * The form should specify the username in a parameter named `username`.
 * The form should specify the password in a parameter named `password`.
 * If the HTTP parameter named `error` is found, it indicates the user failed to provide a valid username or password.
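Review bot: only the second xref on the changed line is updated (`servlet-csrf-include-form-auto` to `csrf-integration-form`) while the first still points at `servlet-csrf`; since the target page was rewritten in the same commit, please verify that `servlet-csrf` is still a defined anchor there rather than one of the ids that was renamed.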

File diff is too large to display
+ 1104 - 39
docs/modules/ROOT/pages/servlet/exploits/csrf.adoc


+ 1 - 1
docs/modules/ROOT/pages/servlet/integrations/mvc.adoc

@@ -562,7 +562,7 @@ Spring Security integrates with Spring MVC to add CSRF protection.
 
 === Automatic Token Inclusion
 
-Spring Security automatically xref:servlet/exploits/csrf.adoc#servlet-csrf-include[include the CSRF Token] within forms that use the https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html#view-jsp-formtaglib-formtag[Spring MVC form tag].
+Spring Security automatically xref:servlet/exploits/csrf.adoc#csrf-integration-form[include the CSRF Token] within forms that use the https://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/view.html#view-jsp-formtaglib-formtag[Spring MVC form tag].
 Consider the following JSP:
 
 [source,xml]
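Review bot: while this line is being touched for the anchor rename, the sentence itself has a subject-verb disagreement ("Spring Security automatically include the CSRF Token"); suggest changing it to "automatically includes the CSRF Token" in the same edit so the backport does not carry the typo forward. Separately, the link to the Spring Framework 3.2.x reference for the form tag is well out of date for a 6.0.x page and could be pointed at a current Spring Framework version.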

+ 1 - 1
docs/modules/ROOT/pages/servlet/integrations/websocket.adoc

@@ -301,7 +301,7 @@ Typically we need to include the CSRF token in an HTTP header or an HTTP paramet
 However, SockJS does not allow for these options.
 Instead, we must include the token in the Stomp headers.
 
-Applications can xref:servlet/exploits/csrf.adoc#servlet-csrf-include[obtain a CSRF token]  by accessing the request attribute named `_csrf`.
+Applications can xref:servlet/exploits/csrf.adoc#csrf-integration[obtain a CSRF token] by accessing the request attribute named `_csrf`.
 For example, the following allows accessing the `CsrfToken` in a JSP:
 
 [source,javascript]

Some files were not shown because too many files changed in this diff