public function testRefreshSessionMissingCsrfToken()
{
$session = $this->login();
$refreshRequest = $this->createRefreshRequest($session);
$this->removeCsrfHeader($refreshRequest);
$response = $this->sendHttpRequest($refreshRequest);
self::assertHttpResponseCodeEquals($response, 401);
}