diff --git a/public/include/classes/csrftoken.class.php b/public/include/classes/csrftoken.class.php
index 0f4f8820..6c32b8ca 100644
--- a/public/include/classes/csrftoken.class.php
+++ b/public/include/classes/csrftoken.class.php
@@ -8,7 +8,7 @@ class CSRFToken Extends Base {
 * Gets a basic CSRF token for this user/type and time chunk
 * @param string user User; for hash seed, if username isn't available use IP
 * @param string type Type of token; for hash seed, should be unique per page/use
- * @param string timing Which date() chars we add to the seed; month day year hour minute default
+ * @param string timing Which date() chars we add to the seed; default month day year hour minute ie same minute only
 * @param string seedExtra Extra information to add to the seed
 * @return string CSRF token
 */
diff --git a/public/include/pages/home.inc.php b/public/include/pages/home.inc.php
index 861e24be..85e550dc 100644
--- a/public/include/pages/home.inc.php
+++ b/public/include/pages/home.inc.php
@@ -22,12 +22,11 @@ if (!$smarty->isCached('master.tpl', $smarty_cache_key)) {
 } else {
 $debug->append('Using cached page', 3);
 }
-// csrf token - update if it's enabled
-$token = '';
-if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
- $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
-}
 // Load news entries for Desktop site and unauthenticated users
 $smarty->assign("CONTENT", "default.tpl");
-$smarty->assign('CTOKEN', $token);
+// csrf token
+if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
+ $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
+ $smarty->assign('CTOKEN', $token);
+}
 ?>
diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php
index 9442d10f..8559fa7d 100644
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
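Review bot: The token assigned to `CTOKEN` in the added block of home.inc.php is seeded only with `$user->getCurrentIP()` and the fixed type `'login'`, so it is tied to an address and a time chunk rather than to the browser session that rendered the form; clients behind one shared address would get the same value for that chunk. The login.inc.php hunk makes the identical call and register.inc.php does the same with `'register'`. getBasic() itself is not in this diff, so whether it also mixes in a server-side secret cannot be confirmed from here. If the docblock's `seedExtra` argument is intended for this, passing a per-session value through it would bind the token to one visitor; at minimum a call-site comment such as `// token derives from client IP + form type and is valid for the current minute only` would document the limits.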
@@ -57,13 +57,11 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
 $_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info');
 }
 }
-// csrf token - update if it's enabled
-$token = '';
-if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
- $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
-}
-
 // Load login template
 $smarty->assign('CONTENT', 'default.tpl');
-$smarty->assign('CTOKEN', $token);
+// csrf token
+if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
+ $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
+ $smarty->assign('CTOKEN', $token);
+}
 ?>
diff --git a/public/include/pages/register.inc.php b/public/include/pages/register.inc.php
index 692c3e42..e05ffa7b 100644
--- a/public/include/pages/register.inc.php
+++ b/public/include/pages/register.inc.php
@@ -14,6 +14,12 @@ if ($setting->getValue('lock_registration') && $setting->getValue('disable_invit
 require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
 $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
 }
+ // Load news entries for Desktop site and unauthenticated users
 $smarty->assign("CONTENT", "default.tpl");
+ // csrf token
+ if ($config['csrf']['enabled'] && $config['csrf']['forms']['register']) {
+ $token = $csrftoken->getBasic($user->getCurrentIP(), 'register');
+ $smarty->assign('CTOKEN', $token);
+ }
 }
 ?>
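Review bot: `CTOKEN` is now left unassigned in login.inc.php whenever `$config['csrf']['enabled']` or `$config['csrf']['forms']['login']` is false, because the `assign()` call moved inside the `if`; the removed code always assigned it, defaulting to an empty string. The templates are not part of this diff, so if the login form prints `{$CTOKEN}` without a guard, Smarty can raise an undefined-variable notice depending on its error settings. Keeping a default before the `if`, `$smarty->assign('CTOKEN', '');`, preserves the old contract; home.inc.php has the same change.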
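Review bot: The added block in register.inc.php only issues a `register` token for the form; no line in this diff verifies it when the registration form is submitted, so confirm the POST handler rejects a missing or stale token whenever this flag is on. `$config['csrf']['forms']['register']` also appears here for the first time in this diff: on an installation whose config file lacks the key, the lookup raises an undefined-index notice and evaluates false, which leaves registration silently unprotected. Writing the test as `!empty($config['csrf']['forms']['register'])` and defining the key in the default config avoids that. The enclosing block opens outside the hunk.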