csrf is wrong when cookie exist

[tmackenzie]

CSRF value is incorrect for the the request when the cookie exists. It should be the jwt but it's the challenge token