diff --git a/editor/osm_auth.cpp b/editor/osm_auth.cpp
index 8debdc03dd..690cd9c672 100644
--- a/editor/osm_auth.cpp
+++ b/editor/osm_auth.cpp
@@ -118,10 +118,11 @@ TKeySecret const & OsmOAuth::GetKeySecret() const noexcept { return m_tokenKeySe
 bool OsmOAuth::IsAuthorized() const noexcept{ return IsValid(m_tokenKeySecret); }
 // Opens a login page and extract a cookie and a secret token.
-OsmOAuth::SessionID OsmOAuth::FetchSessionId(string const & subUrl) const
+OsmOAuth::SessionID OsmOAuth::FetchSessionId(string const & subUrl, string const & cookies) const
 {
- string const url = m_baseUrl + subUrl + "?cookie_test=true";
+ string const url = m_baseUrl + subUrl + (cookies.empty() ? "?cookie_test=true" : "");
 HttpClient request(url);
+ request.SetCookies(cookies);
 if (!request.RunHttpRequest())
 MYTHROW(NetworkError, ("FetchSessionId Network error while connecting to", url));
 if (request.WasRedirected())
@@ -203,8 +204,11 @@ bool OsmOAuth::LoginSocial(string const & callbackPart, string const & socialTok
 }
 // Fakes a buttons press to automatically accept requested permissions.
-string OsmOAuth::SendAuthRequest(string const & requestTokenKey, SessionID const & sid) const
+string OsmOAuth::SendAuthRequest(string const & requestTokenKey, SessionID const & lastSid) const
 {
+ // We have to get a new CSRF token, using existing cookies to open the correct page.
+ SessionID const & sid =
+ FetchSessionId("/oauth/authorize?oauth_token=" + requestTokenKey, lastSid.m_cookies);
 map const params =
 {
 {"oauth_token", requestTokenKey},
diff --git a/editor/osm_auth.hpp b/editor/osm_auth.hpp
index ccdbb81aec..378d37c965 100644
--- a/editor/osm_auth.hpp
+++ b/editor/osm_auth.hpp
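Review bot: In FetchSessionId the `?cookie_test=true` suffix is now chosen by `cookies.empty()` rather than by whether `subUrl` already carries a query string, so the new call in SendAuthRequest (second hunk), which passes `/oauth/authorize?oauth_token=...`, would produce a URL with two `?` if `lastSid.m_cookies` were ever empty. Deriving the separator from the path keeps the two concerns apart: `char const sep = subUrl.find('?') == string::npos ? '?' : '&';` and then append `sep + string("cookie_test=true")` only when no cookies are supplied. `request.SetCookies(cookies)` also runs with an empty string on the default `/login` path; what HttpClient sends in that case is not visible here, so guarding it with `if (!cookies.empty())` would be the safer form. The function body continues past the end of the hunk.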
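Review bot: The OAuth request token now travels in the URL handed to FetchSessionId, and that function copies `url` verbatim into the NetworkError message (first hunk), so a failed request can write `oauth_token=<value>` into logs or crash reports; the error text there should carry the path without its query string. `requestTokenKey` is concatenated into the query without URL-encoding, which is presumably fine for a server-issued token but worth confirming. `SessionID const & sid =` binds a reference to the temporary that FetchSessionId returns by value; lifetime extension keeps it valid, but `SessionID const sid =` states the ownership plainly. The rest of SendAuthRequest lies outside the hunk.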
@@ -116,7 +116,7 @@ private:
 /// Key and secret to sign every OAuth request.
 TKeySecret m_tokenKeySecret;
- SessionID FetchSessionId(string const & subUrl = "/login") const;
+ SessionID FetchSessionId(string const & subUrl = "/login", string const & cookies = "") const;
 /// Log a user out.
 void LogoutUser(SessionID const & sid) const;
 /// Signs a user id using login and password.
@@ -126,7 +126,7 @@ private:
 /// @returns false if the social token is invalid.
 bool LoginSocial(string const & callbackPart, string const & socialToken, SessionID const & sid) const;
 /// @returns non-empty string with oauth_verifier value.
- string SendAuthRequest(string const & requestTokenKey, SessionID const & sid) const;
+ string SendAuthRequest(string const & requestTokenKey, SessionID const & lastSid) const;
 /// @returns valid key and secret or throws otherwise.
 TRequestToken FetchRequestToken() const;
 TKeySecret FetchAccessToken(SessionID const & sid) const;
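Review bot: The FetchSessionId declaration gains a second defaulted parameter but still has no doc comment, and the behaviour that parameter switches is not readable from the signature. Something like `/// Opens subUrl and returns the session cookies and token. Non-empty cookies are sent with the request and "?cookie_test=true" is then not appended.` above the declaration would cover it. The comment on SendAuthRequest (second hunk) could likewise state that the function now issues an extra GET to obtain a fresh token and, as far as the visible lines show, reads only `m_cookies` from `lastSid`.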