== Ask Yourself Whether

* The web application uses cookies to authenticate users.
* There exist sensitive operations in the web application that can be performed when the user is authenticated.
* The state / resources of the web application can be modified by doing HTTP POST or HTTP DELETE requests for example.

There is a risk if you answered yes to any of those questions.