diff --git a/api/funkwhale_api/users/views.py b/api/funkwhale_api/users/views.py
index a143c4fd2..644e48cc2 100644
--- a/api/funkwhale_api/users/views.py
+++ b/api/funkwhale_api/users/views.py
@@ -128,11 +128,17 @@ def login(request):
         )
     serializer.save(request)
     csrf.rotate_token(request)
-    return http.HttpResponse(status=200)
+    token = csrf.get_token(request)
+    response = http.HttpResponse(status=200)
+    response.set_cookie("csrftoken", token, max_age=None)
+    return response
 
 
 def logout(request):
     if request.method != "POST":
         return http.HttpResponse(status=405)
     auth.logout(request)
-    return http.HttpResponse(status=200)
+    token = csrf.get_token(request)
+    response = http.HttpResponse(status=200)
+    response.set_cookie("csrftoken", token, max_age=None)
+    return response
diff --git a/front/src/store/auth.js b/front/src/store/auth.js
index c28e8849d..4829a6875 100644
--- a/front/src/store/auth.js
+++ b/front/src/store/auth.js
@@ -168,10 +168,6 @@ export default {
         commit(`${m}/reset`, null, {root: true})
       })
       logger.default.info('Log out, goodbye!')
-      await router.push({name: 'index'}, () => {
-        // refresh to get a new CSRF token
-        window.location.reload(true)
-      })
     },
     async check ({commit, dispatch, state}) {
       logger.default.info('Checking authentication…')