diff --git a/trunk/web/include/csrf_check.php b/trunk/web/include/csrf_check.php
index 41932d75ae6..3678fedb752 100644
--- a/trunk/web/include/csrf_check.php
+++ b/trunk/web/include/csrf_check.php
@@ -1,15 +1,14 @@ ";
- }else{
- echo "";
- exit(1);
+ @session_start();
+ if( $_SERVER['REQUEST_METHOD'] == 'POST'){
+ if( !isset($_SESSION[$OJ_NAME.'_'.'csrf_keys'])
+ || !is_array($_SESSION[$OJ_NAME.'_'.'csrf_keys'])
+ || !isset($_POST['csrf'])
+ || !in_array($_POST['csrf'], $_SESSION[$OJ_NAME.'_'.'csrf_keys'])
+ ){
+ http_response_code(403);
+ echo "Invalid csrf token";
+ exit;
+ }
 }
- }
-?>
+?>
\ No newline at end of file
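Review bot: The token lookup in the new condition, `!in_array($_POST['csrf'], $_SESSION[$OJ_NAME.'_'.'csrf_keys'])`, uses loose comparison, so a submitted value that PHP treats as a numeric string can match a stored token it does not equal byte-for-byte (two hex tokens of the form `0e…` compare equal as floats, for example). Pass the strict flag and reject non-string input: add `|| !is_string($_POST['csrf'])` before the lookup and change it to `|| !in_array($_POST['csrf'], $_SESSION[$OJ_NAME.'_'.'csrf_keys'], true)`. The check only runs when `$_SERVER['REQUEST_METHOD'] == 'POST'`, so any state-changing GET endpoint the application exposes stays unprotected; whether such endpoints exist is not visible from this hunk. `@session_start()` silences every session error rather than only the already-started case; `if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }` keeps the tolerance without the suppression. The old side of this hunk appears partly lost to HTML stripping (its header counts 15 lines but fewer are shown), so the earlier part of the file could not be reviewed.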