https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37060 --- Comment #14 from Jan Kissig <bibliothek@th-wildau.de> --- Hi there, I tried to implement what David said but somehow the authenticated cookie and the CRSF-token are bound together, and when I loose that token (but keep the session), there seems no chance of getting a valid token again. Wiki says: If you lose it for whatever reason, you can get a new Csrf-Token by using your authenticated cookie and sending a GET to /cgi-bin/koha/svc/authentication like you did in the first step. --- The token I received by GET /cgi-bin/koha/svc/authentication will always throw "wrong_csrf_token" so I build a workaround by logging out if GET /cgi-bin/koha/svc/authentication returns a valid session (<status>ok</status>) I uploaded a fixed version to https://gitlab.com/bibliothekTHWildau/koct-webext as I don't know if a pull request would work as I have no account on your git server. If someone wants to try with firefox (I used a german firefox , so maybe the naming is a bit different): - go to addons and themes - click the cog wheel and debug addons - load temporary add on - navigate to the downloaded extension and double click manifest.json -- You are receiving this mail because: You are watching all bug changes.