Disable CSRF Reply PHP Melody uses CSRF protection by default. If you experience the following error message in your back-end, please consider disabling CSRF: Invalid token or session expired. Please load this page from the menu and try again. Here’s how to do it: