How does csrf attacks work?

An example:

Suppose that you have a page that deletes users, like user_delete.php?id= . On that page you take the id, verify in the session that the user has acces to delete that user, and you delete the user.