That issue should be impossible in latest CB build release unless Joomla's session had actually expired. We now entirely use Joomla's CSRF instead of our own which means CSRF token generation, storage, and validation is now entirely handled by Joomla which is why that error occurs (when the CSRF doesn't match).
If using Joomla's "System - Page Cache" be sure it's configured to ignore any URL that has a form as it will cache the CSRF token and cause problems like this as well.