[Haskell]

Not only it scalable as it is the only solution.

See "Good Patterns & procedures to prevent CSRF": http://www.owasp.org/index.php/Reviewing_code_for_Cross-Site...