diff --git a/CHANGELOG b/CHANGELOG
index 859e87838..8fcbcf62f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,7 @@ CHANGELOG Roundcube Webmail
 ===========================
 
 
+- Fix random "access to this resource is secured against CSRF" message at logout (#1490641)
 - Fix missing language name in "Add to Dictionary" request in HTML mode (#1490634)
 - Enable use of TLSv1.1 and TLSv1.2 for IMAP (#1490640)
 
diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php
index 7b6e7baac..580f65578 100644
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@@ -1164,7 +1164,7 @@ class rcube_utils
             }
         }
         else {
-            $alpha  = 'ABCDEFGHIJKLMNOPQERSTUVXYZabcdefghijklmnopqrtsuvwxyz0123456789+*%&?!$-_=';
+            $alpha  = 'ABCDEFGHIJKLMNOPQERSTUVXYZabcdefghijklmnopqrtsuvwxyz0123456789,*.:?!$-_=';
             $random = '';
 
             for ($i = 0; $i < $length; $i++) {