diff --git a/media/js/base.js b/media/js/base.js
index d240ea823d..6f3b093b92 100644
--- a/media/js/base.js
+++ b/media/js/base.js
@@ -103,7 +103,7 @@ function addConfirmTo(op_ele, popup) {
 $('
', {
 "method": 'POST',
 "action": $(this).data('url'),
- "html": ''
+ "html": ''
 }).appendTo(document.body).trigger('submit');
 } else { // default
 location.href = $(this).data('url');
@@ -130,7 +130,7 @@ function addFormPost(op_ele) {
 $('', {
 "method": 'POST',
 "action": $(this).data('url'),
- "html": ''
+ "html": ''
 }).appendTo(document.body).trigger('submit');
 return false;
 });
@@ -223,7 +223,7 @@ function getCookie(name) {
 function prepareCSRFToken(xhr, settings) {
 if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
 // Only send the token to relative URLs i.e. locally.
- xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+ xhr.setRequestHeader("X-CSRFToken", getCookie('sfcsrftoken'));
 }
 }
diff --git a/seahub/base/context_processors.py b/seahub/base/context_processors.py
index b4b0efa3ea..c982b5893e 100644
--- a/seahub/base/context_processors.py
+++ b/seahub/base/context_processors.py
@@ -108,6 +108,7 @@ def base(request):
 'multi_institution': getattr(dj_settings, 'MULTI_INSTITUTION', False),
 'search_repo_id': search_repo_id,
 'SITE_ROOT': SITE_ROOT,
+ 'CSRF_COOKIE_NAME': dj_settings.CSRF_COOKIE_NAME,
 'constance_enabled': dj_settings.CONSTANCE_ENABLED,
 'FILE_SERVER_ROOT': file_server_root,
 'LOGIN_URL': dj_settings.LOGIN_URL,
diff --git a/seahub/settings.py b/seahub/settings.py
index b72a738a3a..8df1e1c7a3 100644
--- a/seahub/settings.py
+++ b/seahub/settings.py
@@ -130,6 +130,7 @@ MIDDLEWARE_CLASSES = (
 SITE_ROOT_URLCONF = 'seahub.urls'
 ROOT_URLCONF = 'seahub.utils.rooturl'
 SITE_ROOT = '/'
+CSRF_COOKIE_NAME = 'sfcsrftoken'
 # Python dotted path to the WSGI application used by Django's runserver.
 WSGI_APPLICATION = 'seahub.wsgi.application'
diff --git a/seahub/templates/base_for_backbone.html b/seahub/templates/base_for_backbone.html
index f5cb7de93e..ef424a0a79 100644
--- a/seahub/templates/base_for_backbone.html
+++ b/seahub/templates/base_for_backbone.html
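Review bot: The cookie name in `getCookie('sfcsrftoken')` in `prepareCSRFToken` is a second copy of the `CSRF_COOKIE_NAME` value set in seahub/settings.py, so a deployment that overrides the setting would leave base.js looking up a cookie that is no longer there, and its POSTs would be rejected by CSRF validation. The same commit already passes the name to templates through the `base` context processor and reads it as `app.config.csrfCookieName` in static/scripts/common.js; base.js could take a template-provided value the same way instead of the literal. The `addConfirmTo` and `addFormPost` hunks earlier in this file probably carry the same literal, but their `html` strings are not readable on this page, so that part is an inference. If the literal has to stay, a comment such as `// must match CSRF_COOKIE_NAME in seahub/settings.py` would at least record the coupling.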
@@ -120,6 +120,7 @@ var app = {
 mediaUrl: '{{ MEDIA_URL }}',
 siteRoot: '{{ SITE_ROOT }}',
 loginUrl: '{{ LOGIN_URL }}',
+ csrfCookieName: '{{ CSRF_COOKIE_NAME }}',
 fileServerRoot: '{{ FILE_SERVER_ROOT }}'
 }
 };
diff --git a/static/scripts/common.js b/static/scripts/common.js
index 4d5edb80fb..6f6f355656 100644
--- a/static/scripts/common.js
+++ b/static/scripts/common.js
@@ -530,7 +530,7 @@ define([
 }
 if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
 // Only send the token to relative URLs i.e. locally.
- xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
+ xhr.setRequestHeader("X-CSRFToken", getCookie(app.config.csrfCookieName));
 }
 },
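Review bot: The guard around the changed `setRequestHeader` line in static/scripts/common.js treats a URL as remote only when it starts with lower-case `http:` or `https:`, so a protocol-relative URL (`//host/...`) or an upper-case scheme passes as local and the CSRF token header is attached to a request for another origin. `prepareCSRFToken` in media/js/base.js uses the same test. If this callback is jQuery's `beforeSend`, the library has already computed the answer, and `if (!settings.crossDomain) {` would replace both regular expressions. Separately, `app.config.csrfCookieName` is added only to base_for_backbone.html in this commit, so any other template that loads common.js would need the same key; those templates are not visible here. The enclosing function starts and ends outside the hunk.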