I can't manage to make checktoken true on these two browsers on Android 4.4.2 and lower. It works on all desktop browsers and on the rest of browsers for Android. I guess it's doing some extra step that activate a new token but I don't know how to solve this appart of deactivate it.
Do you have a favicon.ico enabled in your site?
Yes! a working one, and i've blocked in the server configuration robots.txt and access.log as I've seen on another issue. This step make it work on all browsers except the mention ones. Is incompatible?
Do you have a favicon.ico enabled in your site?
Maybe you can take a look to the access.log in the server to see what files are being accessed?
I've solved it. Even if I use favicon, I needed to add that famous line to prevent the favicon to be loaded from /. I dont totally understand this because IT LOADS THE FAVICON, but CSFR WORK WITH THAT LINE. Anyway this problem was present just on android and chrome for android browsers...
Maybe you can take a look to the access.log in the server to see what files are being accessed?
NICE YOU FIND IT