According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery? 

Answer options:

A. Allow only POST requests.
B. Mark all cookies as HTTP only.
C. Use per-session challenge tokens in links within your web application.
D. Always use the "secure" attribute for cookies.
E. Require strong passwords.

C