diff --git a/internal/server.go b/internal/server.go
index 2e20df53..0ca66996 100644
--- a/internal/server.go
+++ b/internal/server.go
@@ -3,6 +3,7 @@ package tfa
 import (
 	"net/http"
 	"net/url"
+	"strings"
 
 	"github.com/containous/traefik/v2/pkg/rules"
 	"github.com/sirupsen/logrus"
@@ -224,6 +225,12 @@ func (s *Server) authRedirect(logger *logrus.Entry, w http.ResponseWriter, r *ht
 		return
 	}
 
+	// clean existing CSRF cookie
+	for _, v := range r.Cookies() {
+		if strings.Contains(v.Name, config.CSRFCookieName) {
+			http.SetCookie(w, ClearCSRFCookie(r, v))
+		}
+	}
 	// Set the CSRF cookie
 	csrf := MakeCSRFCookie(r, nonce)
 	http.SetCookie(w, csrf)
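Review bot: `strings.Contains(v.Name, config.CSRFCookieName)` matches any cookie whose name merely embeds the CSRF cookie name, so an unrelated cookie on the same domain that happens to contain that string would also be expired by this loop. If the per-redirect CSRF cookies are formed by prefixing `config.CSRFCookieName` (which the hunk suggests but does not show), `strings.HasPrefix` is the precise check: `if strings.HasPrefix(v.Name, config.CSRFCookieName) {`. Since this emits one Set-Cookie header per match before the fresh cookie is added, the intent deserves a clearer comment than "clean existing CSRF cookie", e.g. `// Expire stale CSRF cookies left by earlier redirects before issuing a new one.` The enclosing authRedirect starts and continues outside the hunk, and the behaviour of ClearCSRFCookie is not visible here.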