Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.78.2.31 -r1.78.2.32
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl	22 Sep 2016 17:23:35 -0000	1.78.2.31
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl	29 Sep 2016 21:24:19 -0000	1.78.2.32
@@ -2180,10 +2180,12 @@
 
         @return nothing
     } {
-        if {![info exists ::$tokenname]} {
+        if {![info exists ::$tokenname] || ![ns_conn isconnected]} {
             #
-            # If there is no global csrf token, we assume that the
-            # csrf token generation is deactivated, we accept everything.
+            # If there is no global csrf token, or we are not in a
+            # connection thread, we accept everything.  If there is
+            # not csrf token, we assume, that its generation is
+            # deactivated,
             #
             return
         }
@@ -2215,8 +2217,13 @@
 
         @return session ID
     } {
-        if {[ad_conn untrusted_user_id] == 0} {
+        if {![ns_conn isconnected]} {
             #
+            # Must be a background job, take the address
+            #
+            set session_id [ns_info address]
+        } elseif {[ad_conn untrusted_user_id] == 0} {
+            #
             # Anonymous request, use a peer address as session_id
             #
             set session_id [ad_conn peeraddr]