diff --git a/setup/ajax.dataloader.php b/setup/ajax.dataloader.php
index 2c9692b9f..fdc189114 100644
--- a/setup/ajax.dataloader.php
+++ b/setup/ajax.dataloader.php
@@ -147,7 +147,7 @@ header("Expires: Fri, 17 Jul 1970 05:00:00 GMT");    // Date in the past
 $sOperation = Utils::ReadParam('operation', '');
 try
 {
-	SetupUtils::CheckSetupToken(true);
+	SetupUtils::CheckSetupToken();
 
 	switch($sOperation)
 	{
diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php
index ce7a3902c..65c09e687 100644
--- a/setup/wizardsteps.class.inc.php
+++ b/setup/wizardsteps.class.inc.php
@@ -2663,6 +2663,7 @@ class WizStepDone extends WizardStep
 
 	public function AsyncAction(WebPage $oPage, $sCode, $aParameters)
 	{
+		SetupUtils::EraseSetupToken();
 		// For security reasons: add the extension now so that this action can be used to read *only* .tar.gz files from the disk...
 		$sBackupFile = $aParameters['backup'].'.tar.gz';
 		if (file_exists($sBackupFile))