[eluser]Treeda[/eluser]
This is kinda magic, i'm just hunting this problem since 2 hours also....
was only testing in FF and now realized getting this weird errors in others... having exact same problem as initial poster.
I checked that the csrf token is in the form and that it gets transmitted. but getting "invalid".
Well seems i need to dive in to debug this myself... but first i will try that cookie underscore trick....