diff --git a/cps/admin.py b/cps/admin.py
index f1c3e57a..740db680 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -1745,6 +1745,7 @@ def ldap_import_create_user(user, user_data):
     content.kindle_mail = kindlemail
     content.default_language = config.config_default_language
     content.locale = config.config_default_locale
+    content.role = config.config_default_role
     content.sidebar_view = config.config_default_show
     content.allowed_tags = config.config_allowed_tags
     content.denied_tags = config.config_denied_tags
diff --git a/cps/static/js/main.js b/cps/static/js/main.js
index 2ffaaa87..48c66767 100644
--- a/cps/static/js/main.js
+++ b/cps/static/js/main.js
@@ -263,7 +263,7 @@ $(function() {
     function updateTimer() {
         $.ajax({
             dataType: "json",
-            url: window.location.pathname + "/../../get_updater_status",
+            url: getPath() + "/get_updater_status",
             success: function success(data) {
                 $("#DialogContent").html(updateText[data.status]);
                 if (data.status > 6) {
@@ -462,8 +462,8 @@ $(function() {
         $.ajax({
             type: "POST",
             dataType: "json",
-            data: { start: "True"},
-            url: window.location.pathname + "/../../get_updater_status",
+            data: { start: "True" },
+            url: getPath() + "/get_updater_status",
             success: function success(data) {
                 updateText = data.text;
                 $("#DialogContent").html(updateText[data.status]);
diff --git a/cps/static/js/shelforder.js b/cps/static/js/shelforder.js
index 62b7e9f3..5cbe7109 100644
--- a/cps/static/js/shelforder.js
+++ b/cps/static/js/shelforder.js
@@ -35,6 +35,7 @@ function sendData(path) {
     var form = document.createElement("form");
     form.setAttribute("method", "post");
     form.setAttribute("action", path);
+    // form.setAttribute("csrf_token", );
 
     for (counter = 0;counter < maxElements;counter++) {
         tmp[counter] = elements[counter].getAttribute("id");
@@ -44,6 +45,10 @@ function sendData(path) {
         hiddenField.setAttribute("value", String(counter + 1));
         form.appendChild(hiddenField);
     }
+    $("<input type='hidden'/>")
+     .attr("name", "csrf_token").val($("input[name='csrf_token']").val())
+     .appendTo(form);
+
     document.body.appendChild(form);
     form.submit();
 }
diff --git a/cps/templates/admin.html b/cps/templates/admin.html
index 81ef955b..9a941594 100644
--- a/cps/templates/admin.html
+++ b/cps/templates/admin.html
@@ -186,6 +186,7 @@
       </table>
 
       {%  if feature_support['updater'] %}
+      <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
       <div class="hidden" id="update_error"> <span>{{update_error}}</span></div>
       <div class="btn btn-primary" id="check_for_update">{{_('Check for Update')}}</div>
       <div class="btn btn-primary hidden" id="perform_update" data-toggle="modal" data-target="#StatusDialog">{{_('Perform Update')}}</div>
diff --git a/cps/templates/remote_login.html b/cps/templates/remote_login.html
index 47bb48f3..22097ef2 100644
--- a/cps/templates/remote_login.html
+++ b/cps/templates/remote_login.html
@@ -1,10 +1,11 @@
 {% extends "layout.html" %}
 {% block body %}
 <div class="well">
+  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
   <h2 style="margin-top: 0">{{_('Magic Link - Authorise New Device')}}</h2>
   <p>
     {{_('On another device, login and visit:')}}
-  <h4><a id="verify_url" data-token="{{token}}" href="{{verify_url}}">{{verify_url}}</a></b>
+  <h4><a id="verify_url" data-token="{{token}}" href="{{verify_url}}">{{verify_url}}</a><b></b>
   </h4>
   <p>
     {{_('Once verified, you will automatically be logged in on this device.')}}
@@ -17,26 +18,4 @@
 
 {% block js %}
     <script src="{{ url_for('static', filename='js/remote_login.js') }}"></script>
-<!--script type="text/javascript">
-  (function () {
-    // Poll the server to check if the user has authenticated
-    var t = setInterval(function () {
-      $.post('{{url_for("remotelogin.token_verified")}}', { token: '{{token}}' })
-        .done(function(response) {
-          if (response.status === 'success') {
-            // Wait a tick so cookies are updated
-            setTimeout(function () {
-              window.location.href = '{{url_for("web.index")}}';
-            }, 0);
-          }
-        })
-        .fail(function (xhr) {
-          clearInterval(t);
-
-          var response = JSON.parse(xhr.responseText);
-          alert(response.message);
-        });
-    }, 5000);
-  })()
-</script-->
 {% endblock %}
diff --git a/cps/templates/shelf_order.html b/cps/templates/shelf_order.html
index a5f91629..ee90fd47 100644
--- a/cps/templates/shelf_order.html
+++ b/cps/templates/shelf_order.html
@@ -3,6 +3,7 @@
   <div class="col-sm-8 col-lg-8 col-xs-12">
     <h2>{{title}}</h2>
     <div>{{_('Drag to Rearrange Order')}}</div>
+      <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
       <div id="sortTrue" class="list-group">
         {% for entry in entries %}
           <div id="{{entry['Books']['id']}}" class="list-group-item">
diff --git a/cps/usermanagement.py b/cps/usermanagement.py
index b18cc673..71da7701 100644
--- a/cps/usermanagement.py
+++ b/cps/usermanagement.py
@@ -23,7 +23,6 @@ from sqlalchemy.sql.expression import func
 from werkzeug.security import check_password_hash
 from flask_login import login_required, login_user
 
-
 from . import lm, ub, config, constants, services
 
 try: