Also fix CSRF token. This was probably broken since csurf middleware was modified to use cookie instead of session storage to provide support for single page app (SPA).
