diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
index 683d20d4ab..81b1769c6f 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
@@ -48,7 +48,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
  * Typically the {@link CsrfTokenRepository} implementation chooses to store the
  * {@link CsrfToken} in {@link HttpSession} with
  * {@link HttpSessionCsrfTokenRepository}. This is preferred to storing the
- * token in a cookie which.
+ * token in a cookie which can be modified by a client.
  * </p>
  *
  * @author Rob Winch