High Volume of Calls Resulting in 401 errors - CSRF token in request did not match value in the session cache

Author: Riya Ray
Date: January 21, 2026
Audience: Everyone
Environmental Details:

• Self-hosted, Replicated - KOTS
• Jama Connect® 9.22.1

Summary 

This article discusses the occurrence of multiple 401 error codes triggered by a single user accessing the GUI, leading to application performance degradation.

Solution 

Close older browser session, this terminates the background requests resolving the issue immediately.

Cause 

The issue arises when a user logs in multiple times while previous sessions remained open, causing stale CSRF tokens to generate errors. This led to excessive background requests, saturating CPU and request queues, which degraded application performance.

Error Snippet: 

contour.log.1:2025-11-27 11:24:02,709 WARN  http-nio-8080-exec-3434 jama8_prod [f04f6e] [com.jamasoftware.contour.security.CSRFSecurityFilter] - CSRF token in request did not match value in the session cache: Request: [2877e98d-cb84-400c-ac3c-91480139390d] CachedToken: [0962bc51-8cb0-4d09-928b-5dc8afa970aa] Path: [/ui/internal/users/current]
 

Prevention 

To prevent similar issues, users should manage their sessions effectively by logging out when not in use and avoiding multiple logins. 

• Close or log out of the application when not in use.
• Avoid multiple simultaneous logins or leaving the application open in multiple tabs.
• Refresh the page after extended inactivity to synchronize the CSRF token.
• Close older tabs before performing a new login to prevent invalid token requests.

Feedback:
We welcome your input! Please leave any comments, suggestions, or improvement ideas below.