diff --git a/setup/ajax.dataloader.php b/setup/ajax.dataloader.php
index e6b7b5b70..3e296cb18 100644
--- a/setup/ajax.dataloader.php
+++ b/setup/ajax.dataloader.php
@@ -141,7 +141,7 @@ header("Expires: Fri, 17 Jul 1970 05:00:00 GMT");    // Date in the past
 $sOperation = Utils::ReadParam('operation', '');
 try
 {
-	SetupUtils::CheckSetupToken(true);
+	SetupUtils::CheckSetupToken();
 
 	switch($sOperation)
 	{
diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php
index 57d48a680..cb412885e 100644
--- a/setup/wizardsteps.class.inc.php
+++ b/setup/wizardsteps.class.inc.php
@@ -2697,6 +2697,7 @@ class WizStepDone extends WizardStep
 
 	public function AsyncAction(WebPage $oPage, $sCode, $aParameters)
 	{
+		SetupUtils::EraseSetupToken();
 		// For security reasons: add the extension now so that this action can be used to read *only* .tar.gz files from the disk...
 		$sBackupFile = $aParameters['backup'].'.tar.gz';
 		if (file_exists($sBackupFile))