If you are trying to claim Twitch Prime Loot, to log in, and after authorizing it fails with error “Forbidden - CSRF token invalid” it is because of a faulty/old cookie they do not clean up.
I inspected the cookies/storage of the website and found two
id_csrf cookies. After removing one, only one was recreated and it worked.
You can remove all twitch related cookies, cookies of the twitch website, or just the one in question.
To remove only the one in question, when you are in the authentication process on the
- open the developer toolbar with F12
- open the Storage tab
- find the
id_csrfcookie or cookies
- select them
- delete them (DEL key or right click context menu)
- refresh the page
The cookie in question: