diff --git a/src/smarttools/web/auth.py b/src/smarttools/web/auth.py
index 0123cd2..d9113a8 100644
--- a/src/smarttools/web/auth.py
+++ b/src/smarttools/web/auth.py
@@ -40,7 +40,6 @@ def login():
             return render_template(
                 "pages/login.html",
                 errors=["Invalid CSRF token"],
-                csrf_token=_csrf_token(),
                 next_url=next_url,
             )
         email = request.form.get("email", "").strip()
@@ -60,12 +59,11 @@ def login():
         return render_template(
             "pages/login.html",
             errors=[error],
-            csrf_token=_csrf_token(),
             email=email,
             next_url=next_url,
         )
 
-    return render_template("pages/login.html", csrf_token=_csrf_token(), next_url=next_url)
+    return render_template("pages/login.html", next_url=next_url)
 
 
 @web_bp.route("/register", methods=["GET", "POST"])
@@ -75,7 +73,6 @@ def register():
             return render_template(
                 "pages/register.html",
                 errors=["Invalid CSRF token"],
-                csrf_token=_csrf_token(),
             )
         payload = {
             "email": request.form.get("email", "").strip(),
@@ -90,13 +87,12 @@ def register():
         return render_template(
             "pages/register.html",
             errors=[error],
-            csrf_token=_csrf_token(),
             email=payload["email"],
             slug=payload["slug"],
             display_name=payload["display_name"],
         )
 
-    return render_template("pages/register.html", csrf_token=_csrf_token())
+    return render_template("pages/register.html")
 
 
 @web_bp.route("/logout", methods=["POST"])