Or if the token is not in localstorage, then you can clear all cookies / localstorage, and try to sign in. If the response headers have anti-csrf, but it does not get set in localstorage after, then it is something to do with the interceptor.