diff --git a/editor/include/auth.inc.php b/editor/include/auth.inc.php
index e1367b20..f3d5096e 100644
--- a/editor/include/auth.inc.php
+++ b/editor/include/auth.inc.php
@@ -9,3 +9,4 @@ if (is_string($dbh)) {
 	auth_error();
 	exit;
 }
+$_SESSION["tokens"][$_GET["server"]] = rand(1, 1e6); // defense against cross-site request forgery