diff --git a/include/ajax.tickets.php b/include/ajax.tickets.php
index 46df9eb23cadeea18cf431443e8c8ddab063ae64..b402d6efce3e5914ba2c3cec2471b2d534312cbc 100644
--- a/include/ajax.tickets.php
+++ b/include/ajax.tickets.php
@@ -181,8 +181,6 @@ class TicketsAjaxAPI extends AjaxController {
     function acquireLock($tid) {
         global $cfg,$thisstaff;
 
-        $this->csrf_protect();
-        
         if(!$tid or !is_numeric($tid) or !$thisstaff or !$cfg) 
             return 0;
        
@@ -216,8 +214,6 @@ class TicketsAjaxAPI extends AjaxController {
     function renewLock($tid, $id) {
         global $thisstaff;
 
-        $this->csrf_protect();
-
         if(!$id or !is_numeric($id) or !$thisstaff)
             return $this->json_encode(array('id'=>0, 'retry'=>true));
        
@@ -237,8 +233,6 @@ class TicketsAjaxAPI extends AjaxController {
     function releaseLock($tid, $id=0) {
         global $thisstaff;
 
-        $this->csrf_protect();
-
         if($id && is_numeric($id)){ //Lock Id provided!
         
             $lock = TicketLock::lookup($id, $tid);
diff --git a/include/class.ajax.php b/include/class.ajax.php
index 5870f80391581e2031ac5f57af8c36397d2e1b0a..0240d91f83521393f31f73261562e1367b89e618 100644
--- a/include/class.ajax.php
+++ b/include/class.ajax.php
@@ -51,10 +51,6 @@ class AjaxController extends ApiController {
         return $this->json_encode($what);
     }
 
-    function csrf_protect() {
-        csrf_ensure_cookie();
-    }
-
     function get($var, $default=null) {
         return (isset($_GET[$var])) ? $_GET[$var] : $default;
     }