diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index b2463ed3f7d8f63317915b789e172bdea9f69780..1056a05f832820b58d8b81f4864d6a3eb7edb130 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -128,7 +128,6 @@ function ajax_lock(){
$ID = cleanID($_POST['id']);
if(empty($ID)) return;
- if (!checkSecurityToken()) return;
$INFO = pageinfo();
@@ -169,7 +168,6 @@ function ajax_lock(){
function ajax_draftdel(){
$id = cleanID($_REQUEST['id']);
if(empty($id)) return;
- if (!checkSecurityToken()) return;
$client = $_SERVER['REMOTE_USER'];
if(!$client) $client = clientIP(true);
diff --git a/lib/scripts/edit.js b/lib/scripts/edit.js
index 31afcc12626181ebf0597954a01eae5dff2dc226..a96a346dc896681b3859f05ddb768890673da43f 100644
--- a/lib/scripts/edit.js
+++ b/lib/scripts/edit.js
@@ -275,7 +275,6 @@ function deleteDraft() {
if(dwform){
var params = 'call=draftdel';
params += '&id='+encodeURIComponent(dwform.elements.id.value);
- params += '§ok='+encodeURIComponent(dwform.elements.sectok.value);
var sackobj = new sack(DOKU_BASE + 'lib/exe/ajax.php');
// this needs to be synchronous and GET to not be aborted upon page unload
diff --git a/lib/scripts/locktimer.js b/lib/scripts/locktimer.js
index 5335e228f07538c78a852025296e7b5c3f3a7480..0db7d2b15a40501f262bedd2412836f62608d253 100644
--- a/lib/scripts/locktimer.js
+++ b/lib/scripts/locktimer.js
@@ -73,7 +73,6 @@ var locktimer = {
if(now.getTime() - locktimer.lasttime.getTime() > 30*1000){
var params = 'call=lock&id='+encodeURIComponent(locktimer.pageid);
var dwform = $('dw__editform');
- params += '§ok='+encodeURIComponent(dwform.elements.sectok.value);
if(locktimer.draft && dwform.elements.wikitext){
params += '&prefix='+encodeURIComponent(dwform.elements.prefix.value);
params += '&wikitext='+encodeURIComponent(dwform.elements.wikitext.value);