diff --git a/lib/init.php b/lib/init.php
index 4081555e..33785834 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -314,15 +314,20 @@
 $mail = new Mailer(true);
 // initialize csrf
 if (CurrentUser::hasSession()) {
- $new_token = Froxlor::genSessionId(20);
- UI::twig()->addGlobal('csrf_token', $new_token);
- if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ // create new csrf token if not set
+ if (!$csrf_token = CurrentUser::getField('csrf_token')) {
+ $csrf_token = Froxlor::genSessionId(20);
+ CurrentUser::setField('csrf_token', $csrf_token);
+ }
+ // set csrf token for twig
+ UI::twig()->addGlobal('csrf_token', $csrf_token);
+ // check if csrf token is valid
+ if (in_array($_SERVER['REQUEST_METHOD'], ['POST', 'PUT', 'PATCH', 'DELETE'])) {
 $current_token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
 if ($current_token != CurrentUser::getField('csrf_token')) {
 Response::dynamicError('CSRF validation failed');
 }
 }
- CurrentUser::setField('csrf_token', $new_token);
 // update cookie lifetime
 $cookie_params = [
 'expires' => time() + Settings::Get('session.sessiontimeout'),
diff --git a/templates/Froxlor/base.html.twig b/templates/Froxlor/base.html.twig
index 41b0d018..881184eb 100644
--- a/templates/Froxlor/base.html.twig
+++ b/templates/Froxlor/base.html.twig
@@ -7,7 +7,7 @@
-
+ {% if csrf_token %}{% endif %}
 {% if theme_css is empty %}
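Review bot: The token check that the new `in_array(...)` branch now applies to POST/PUT/PATCH/DELETE still compares with loose `!=` on the unchanged line `if ($current_token != CurrentUser::getField('csrf_token'))`, so `$_POST['csrf_token']` reaching it as an array (`csrf_token[]=x`) or as a numeric-looking string is judged by PHP's coercion rules rather than by a strict secret comparison. I would change that line to `if (!is_string($current_token) || !hash_equals((string) CurrentUser::getField('csrf_token'), $current_token)) {`, which is strict, constant-time, and rejects non-string input explicitly; it is pre-existing context, so this is a follow-up rather than a regression introduced here. Because the token now lives for the whole session instead of being regenerated per request, it is presumably also worth rotating it when the session's principal changes (login, switching user), which this hunk cannot show — please confirm the login path clears or resets `csrf_token`. The `if (CurrentUser::hasSession())` block is fully visible, but the init script continues past the hunk.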