avoid cross site scripting via httpmodules for use in asp.net mvc2

Is there a better way other than the Anti Forgery Token like built-in functionalities in asp.net mvc2. I would like to code my own http module to avoid CSRF.

Also to my understanding the Anti开发者_运维知识库forgerytoken does not generate any cookies. Is the "double-submitted cookie" a good method?

Any best practices or suggestions.

--edit : This link is useful: Stackoverflow previous question

This library looks similar to what you are writing. http://anticsrf.codeplex.com/ It uses a cookie for a token. I've used it and it helped my project pass a security review.