diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e56d518..bf40863 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -107,7 +107,7 @@ class ApplicationController < ActionController::Base
protected
def verified_request?
- super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
+ super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
end
def setup_multitenancy
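Review bot: The new line in `verified_request?` has no comment explaining why a second header is accepted on top of what `super` already checks, which makes it the line most likely to be "simplified" later. I would add above it `# Accept the token echoed from the XSRF cookie in X-XSRF-TOKEN; valid_authenticity_token? understands the masked form, which a plain == against form_authenticity_token presumably does not.` The code that writes the cookie is not visible in this diff, so confirm that it is scoped to the application's own host and path and is rewritten whenever the session token is reset. `valid_authenticity_token?` is an internal helper of Rails' forgery-protection module, so a controller test covering a missing, a stale and a valid header would catch a signature change on upgrade.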
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index b957b48..1d310b7 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -568,6 +568,12 @@ function userDataCallback(data) {
// logged in
jQuery('head').append('');
jQuery('head').append('');
+ jQuery.ajaxSetup({
+ cache: false,
+ headers: {
+ 'X-XSRF-TOKEN': jQuery.cookie("_noosfero_.XSRF-TOKEN")
+ }
+ });
}
if (data.notice) {
display_notice(data.notice);
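Review bot: The `headers` entry in `jQuery.ajaxSetup` attaches `X-XSRF-TOKEN` to every jQuery request, including any made to another origin, so the anti-CSRF token can reach a third-party server if the page ever makes a cross-domain ajax call. The cookie is also read only once, when `userDataCallback` runs, so a token rotated later in the session leaves the header stale. Setting the header per request and only for same-origin calls avoids both, as sketched below. The prefilter should be registered once rather than on each callback invocation, since the enclosing function starts outside this hunk and may run more than once. Separately, `cache: false` as a global default adds a cache-busting parameter to every GET, which is broader than the token change needs.

```javascript
jQuery.ajaxSetup({ cache: false });
// Register once, outside any code path that can run repeatedly.
jQuery.ajaxPrefilter(function(options, originalOptions, xhr) {
  // Same-origin only; the cookie is read per request so a rotated token is picked up.
  if (!options.crossDomain) {
    xhr.setRequestHeader('X-XSRF-TOKEN', jQuery.cookie("_noosfero_.XSRF-TOKEN"));
  }
});
```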
--
libgit2 0.21.2