diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7fedd44..fbdb1d3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -45,6 +45,7 @@ class ApplicationController < ActionController::Base
       super
       cookies.delete(autologin_cookie_name)
       self.logged_user = nil
+      set_localization
       render_error :status => 422, :message => "Invalid form authenticity token."
     end
   end
diff --git a/test/integration/application_test.rb b/test/integration/application_test.rb
index e70277a..e40dda8 100644
--- a/test/integration/application_test.rb
+++ b/test/integration/application_test.rb
@@ -76,4 +76,15 @@ class ApplicationTest < ActionDispatch::IntegrationTest
   ensure
     ActionController::Base.allow_forgery_protection = false
   end
+
+  def test_localization_should_be_set_correctly_on_invalid_token
+    ActionController::Base.allow_forgery_protection = true
+    Setting.default_language = 'en'
+    post 'issues', { }, 'HTTP_ACCEPT_LANGUAGE' => 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
+    assert_response 422
+    assert_equal :fr, current_language
+    assert_select "html[lang=?]", "fr"
+  ensure
+    ActionController::Base.allow_forgery_protection = false
+  end
 end