Index: typo3/classes/class.ajaxlogin.php =================================================================== --- typo3/classes/class.ajaxlogin.php (revision 10349) +++ typo3/classes/class.ajaxlogin.php (working copy) @@ -44,12 +44,23 @@ */ public function login(array $parameters, TYPO3AJAX $ajaxObj) { if ($GLOBALS['BE_USER']->user['uid']) { + + $tokens = new stdClass(); + $formprotection = t3lib_formprotection_Factory::get(); - $token = $formprotection->generateToken('extDirect'); + $tokens->extDirectToken = $formprotection->generateToken('extDirect'); + + $tokens->clearCacheTokens = array(); + for ($i = 0; $i < 3; $i++) { + $tokens->clearCacheTokens[] = $formprotection->generateToken('tceAction'); + } + $tokens->editRecordToken = $formprotection->generateToken('editRecord'); + + $formprotection->persistTokens(); $json = array( 'success' => TRUE, - 'token' => $token + 'tokens' => $tokens ); } else { $json = array('success' => FALSE); Index: typo3/js/loginrefresh.js =================================================================== --- typo3/js/loginrefresh.js (revision 10349) +++ typo3/js/loginrefresh.js (working copy) 
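Review bot: The loop bound in `for ($i = 0; $i < 3; $i++)` in typo3/classes/class.ajaxlogin.php is an undocumented constant that has to equal the number of token-carrying links in the clear-cache menu, and the same literal is repeated in typo3/index.php. If the menu ever holds more such links than three (whether it can is not visible here), the client reads past the array and the surplus links are left without a valid token after re-login. I would define the count once and document it, e.g. `// one tceAction token per clear-cache menu link; keep in sync with the menu and typo3/index.php`, or return the tokens keyed by action so the client does not depend on position. login() starts before and continues past this hunk.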
@@ -298,7 +298,22 @@ // User is logged in Ext.getCmp("loginformWindow").hide(); TYPO3.loginRefresh.startTimer(); - TYPO3.ExtDirectToken = result.token; + // Refresh all kind of tokens + TYPO3.ExtDirectToken = result.tokens.extDirectToken; + var clearCacheTags = Ext.query("#clear-cache-actions-menu ul a"); + Ext.each(clearCacheTags, function(tag, index) { + var url = Ext.urlDecode(tag.href); + if (typeof url.formToken !== "undefined") { + url.formToken = result.tokens.clearCacheTokens[index]; + tag.href = unescape(Ext.urlEncode(url)); + } + }); + var contentFrame = window.frames["content"].document.window; + var contentForms = contentFrame.Ext.query("form"); + if (contentForms.length > 0 && contentForms.pop().action.indexOf("alt_doc.php") !== -1) { + var hiddenTokenField = contentFrame.Ext.query("form input[name=formToken]").pop(); + hiddenTokenField.value = result.tokens.editRecordToken; + } } else { // TODO: add failure to notification system instead of alert Ext.Msg.alert(TYPO3.LLL.core.refresh_login_failed, TYPO3.LLL.core.refresh_login_failed_message); Index: typo3/index.php =================================================================== --- typo3/index.php (revision 10349) +++ typo3/index.php (working copy) @@ -398,7 +398,12 @@ t3lib_utility_Http::redirect($this->redirectToURL); } else { $formprotection = t3lib_formprotection_Factory::get(); - $token = $formprotection->generateToken('extDirect'); + $extDirectToken = $formprotection->generateToken('extDirect'); + $tceActionTokens = array(); + for ($i = 0; $i < 3; $i++) { + $tceActionTokens[] = $formprotection->generateToken('tceAction'); + } + $editRecordToken = $formprotection->generateToken('editRecord'); $TBE_TEMPLATE->JScode.=$TBE_TEMPLATE->wrapScriptTags(' if (parent.opener && (parent.opener.busy || parent.opener.TYPO3.loginRefresh)) { if (parent.opener.TYPO3.loginRefresh) { 
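Review bot: In typo3/js/loginrefresh.js the refreshed tokens are written without checking that they exist: `index` counts every anchor under `#clear-cache-actions-menu ul a`, including ones without a `formToken`, so a link can be given an empty slot of `clearCacheTokens` and end up with `formToken=undefined` in its href. I would count only the token-bearing links and skip the assignment when no token is left, e.g. `if (typeof url.formToken !== "undefined" && result.tokens.clearCacheTokens[index])`. The edit-form branch also dereferences `hiddenTokenField.value` although the query may match nothing, and `document.window` is not a standard DOM property, so unless the backend defines it elsewhere `contentFrame.Ext` throws and the edit token is never refreshed; a guard such as `if (hiddenTokenField) { hiddenTokenField.value = result.tokens.editRecordToken; }` stops the handler from aborting. The same code is inlined in the second typo3/index.php hunk. The enclosing success callback starts and ends outside this hunk.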
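Review bot: The tokens generated in the first typo3/index.php hunk are not followed by `$formprotection->persistTokens();`, whereas the ajaxlogin.php change in the same patch adds that call right after generating the same set. If nothing later in the request persists them (not visible here), the values written into the opener window would be rejected on the next clear-cache or save action. Either add `$formprotection->persistTokens();` after the `editRecord` token or add a comment naming where persistence happens on this path. The loop bound `3` is the same unexplained constant as in ajaxlogin.php.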
@@ -406,7 +411,24 @@ } else { parent.opener.busy.loginRefreshed(); } - parent.opener.TYPO3.ExtDirectToken = "' . $token . '"; + // Refresh all kind of tokens + parent.opener.TYPO3.ExtDirectToken = "' . $extDirectToken . '"; + var clearCacheTokens = [\'' . $tceActionTokens[0] . '\',\'' . $tceActionTokens[1] . '\',\'' . $tceActionTokens[2] . '\']; + var clearCacheTags = parent.opener.Ext.query("#clear-cache-actions-menu ul a"); + parent.opener.Ext.each(clearCacheTags, function(tag, index) { + var url = parent.opener.Ext.urlDecode(tag.href); + if (typeof url.formToken !== "undefined") { + url.formToken = clearCacheTokens[index]; + tag.href = unescape(parent.opener.Ext.urlEncode(url)); + } + }); + var contentFrame = parent.opener.window.frames["content"].document.window; + var contentForms = contentFrame.Ext.query("form"); + if (contentForms && contentForms.pop().action.indexOf("alt_doc.php") !== -1) { + var hiddenTokenField = contentFrame.Ext.query("form input[name=formToken]").pop(); + hiddenTokenField.value = "' . $editRecordToken . '"; + } + parent.close(); } '); Index: t3lib/class.t3lib_pagerenderer.php =================================================================== --- t3lib/class.t3lib_pagerenderer.php (revision 10349) +++ t3lib/class.t3lib_pagerenderer.php (working copy) @@ -960,15 +960,15 @@ var provider = Ext.Direct.addProvider(Ext.app.ExtDirectAPI[api]); provider.on("beforecall", function(provider, transaction, meta) { if (transaction.data) { - transaction.data[transaction.data.length] = TYPO3.ExtDirectToken; + transaction.data[transaction.data.length] = top.TYPO3.ExtDirectToken; } else { - transaction.data = [TYPO3.ExtDirectToken]; + transaction.data = [top.TYPO3.ExtDirectToken]; } }); provider.on("call", function(provider, transaction, meta) { if (transaction.isForm) { - transaction.params.securityToken = TYPO3.ExtDirectToken; + transaction.params.securityToken = top.TYPO3.ExtDirectToken; } }); }
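Review bot: The guard `if (contentForms && contentForms.pop()...` in the second typo3/index.php hunk is truthy even for an empty result array, so when the content frame holds no form `contentForms.pop()` is undefined, `.action` throws, and `parent.close()` is never reached. loginrefresh.js tests `contentForms.length > 0` for the same step, and this copy should match: `if (contentForms.length > 0 && contentForms.pop().action.indexOf("alt_doc.php") !== -1) {`. The three tokens are also concatenated into the script as bare string literals; they are presumably hex-only, but emitting them with `json_encode()` would make the escaping explicit and independent of the token format. The surrounding inline script starts before this hunk.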
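Review bot: Reading `top.TYPO3.ExtDirectToken` in t3lib/class.t3lib_pagerenderer.php assumes the page always runs inside the backend frameset; in a standalone window or popup `top` is that window itself, and `top.TYPO3` may not be defined there. The call is then sent with an undefined token, or the `beforecall` handler throws before the request is built. A fallback keeps the previous behaviour where the top frame has no token, e.g. `var token = (top.TYPO3 && top.TYPO3.ExtDirectToken) || TYPO3.ExtDirectToken;`, used in all three places. A one-line comment saying that the top frame holds the token refreshed after re-login would explain the change to later readers. The enclosing function lies outside the hunk.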