diff --git a/server.py b/server.py
index f14e2d96ec9ddd4f68de1244d19659a4e8e111d1..a06b3ae8af1578a07afa18532834b61d2f5c2b4a 100644
--- a/server.py
+++ b/server.py
@@ -527,7 +527,7 @@ def login():
 		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
 		dbuser = query('SELECT * FROM users WHERE name = ?', user)
 	session['user']['dbid'] = dbuser[0]['id']
-	session['_csrf_token'] = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(128))
+	session['_csrf_token'] = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(64))
 	session.permanent = True
 	return redirect(request.values.get('ref', url_for('index')))
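Review bot: The `return redirect(request.values.get('ref', url_for('index')))` line at the end of this hunk sends the freshly authenticated user to whatever `ref` the request supplied, and nothing visible here restricts it to this site, so a login link can forward users to an external page right after sign-in. Unless `ref` is validated earlier in `login()` (its body starts above the hunk), accept only local paths, e.g. `ref = request.values.get('ref', '')` followed by `if not ref.startswith('/') or ref.startswith(('//', '/\\')): ref = url_for('index')`. The shortened token is not a concern: 64 characters from a 62-symbol alphabet drawn via `random.SystemRandom()` is still roughly 380 bits, though a named constant for the length would document the choice.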