diff --git a/package-lock.json b/package-lock.json
index 23c4c45aa..cab879443 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "int_adyen_SFRA",
-  "version": "22.2.3",
+  "version": "22.2.4",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index a4c86b8f1..d7fd007f9 100755
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "int_adyen_SFRA",
-  "version": "22.2.3",
+  "version": "22.2.4",
   "description": "Adyen's official cartridge for SFRA and controllers-based SiteGenesis",
   "main": "index.js",
   "paths": {
diff --git a/src/cartridges/int_adyen_SFRA/cartridge/client/default/js/commons/index.js b/src/cartridges/int_adyen_SFRA/cartridge/client/default/js/commons/index.js
index 85b7ada8e..5e166aeaa 100644
--- a/src/cartridges/int_adyen_SFRA/cartridge/client/default/js/commons/index.js
+++ b/src/cartridges/int_adyen_SFRA/cartridge/client/default/js/commons/index.js
@@ -16,7 +16,8 @@ module.exports.onBrand = function onBrand(brandObject) {
  */
 module.exports.createSession = async function createSession() {
   return $.ajax({
-    url: 'Adyen-Sessions',
-    type: 'get',
+    url: window.sessionsUrl,
+    type: 'post',
+    data: $('#adyen-sessions-token').serialize(),
   });
 };
diff --git a/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js b/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js
index ee8d9ed22..c08d608d8 100644
--- a/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js
+++ b/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js
@@ -1,5 +1,6 @@
 const server = require('server');
 const consentTracking = require('*/cartridge/scripts/middleware/consentTracking');
+const csrf = require('*/cartridge/scripts/middleware/csrf');
 const adyenGiving = require('*/cartridge/scripts/adyenGiving');
 const { adyen } = require('*/cartridge/controllers/middlewares/index');
 
@@ -20,7 +21,12 @@ server.post(
   adyen.paymentsDetails,
 );
 
-server.get('Sessions', server.middleware.https, adyen.callCreateSession);
+server.post(
+  'Sessions',
+  server.middleware.https,
+  csrf.validateRequest,
+  adyen.callCreateSession,
+);
 
 /**
  * Redirect to Adyen after 3DS1 Authentication When adding a card to an account
diff --git a/src/cartridges/int_adyen_SFRA/cartridge/templates/default/account/payment/paymentForm.isml b/src/cartridges/int_adyen_SFRA/cartridge/templates/default/account/payment/paymentForm.isml
index 7e325e5ef..0b70fc6b2 100644
--- a/src/cartridges/int_adyen_SFRA/cartridge/templates/default/account/payment/paymentForm.isml
+++ b/src/cartridges/int_adyen_SFRA/cartridge/templates/default/account/payment/paymentForm.isml
@@ -66,3 +66,4 @@
 </div>
 <isinclude template="adyenActionModal" />
 <iscomment> ### Custom Adyen cartridge end ### </iscomment>
+<input type="hidden" id="adyen-sessions-token" name="${pdict.csrf.tokenName}" value="${pdict.csrf.token}"/>
\ No newline at end of file
diff --git a/src/cartridges/int_adyen_SFRA/cartridge/templates/default/checkout/billing/adyenComponentForm.isml b/src/cartridges/int_adyen_SFRA/cartridge/templates/default/checkout/billing/adyenComponentForm.isml
index 6fb8b4a63..8f5c85bf0 100644
--- a/src/cartridges/int_adyen_SFRA/cartridge/templates/default/checkout/billing/adyenComponentForm.isml
+++ b/src/cartridges/int_adyen_SFRA/cartridge/templates/default/checkout/billing/adyenComponentForm.isml
@@ -20,6 +20,7 @@
       window.paymentsDetailsURL = "${URLUtils.https('Adyen-PaymentsDetails')}";
       window.ShowConfirmationPaymentFromComponent = "${ShowConfirmationPaymentFromComponent}";
       window.AdyenSFRA6Enabled = '${pdict.adyen.SFRA6Enabled}';
+      window.sessionsUrl = "${URLUtils.https('Adyen-Sessions')}";
 
       window.remainingAmountGiftCardResource = "${Resource.msg('remainingAmount.giftCard', 'adyen', null)}";
       window.discountedAmountGiftCardResource = "${Resource.msg('discountedAmount.giftCard', 'adyen', null)}";
@@ -107,3 +108,4 @@
 
 </iselse>
 </isif>
+<input type="hidden" id="adyen-sessions-token" name="${pdict.csrf.tokenName}" value="${pdict.csrf.token}"/>
\ No newline at end of file
diff --git a/src/cartridges/int_adyen_controllers/cartridge/templates/default/checkout/billing/adyenComponent.isml b/src/cartridges/int_adyen_controllers/cartridge/templates/default/checkout/billing/adyenComponent.isml
index 2a2216b98..18ab9878b 100644
--- a/src/cartridges/int_adyen_controllers/cartridge/templates/default/checkout/billing/adyenComponent.isml
+++ b/src/cartridges/int_adyen_controllers/cartridge/templates/default/checkout/billing/adyenComponent.isml
@@ -96,3 +96,4 @@
     </script>
 </iselse>
 </isif>
+<input type="hidden" id="adyen-sessions-token" name="${pdict.csrf.tokenName}" value="${pdict.csrf.token}"/>
\ No newline at end of file
diff --git a/src/cartridges/int_adyen_overlay/cartridge/adyenConstants/constants.js b/src/cartridges/int_adyen_overlay/cartridge/adyenConstants/constants.js
index b2d5e7948..d991c9602 100644
--- a/src/cartridges/int_adyen_overlay/cartridge/adyenConstants/constants.js
+++ b/src/cartridges/int_adyen_overlay/cartridge/adyenConstants/constants.js
@@ -64,5 +64,5 @@ module.exports = {
   CHECKOUT_ENVIRONMENT_LIVE_IN: 'live-in',
 
   CHECKOUT_COMPONENT_VERSION: '5.28.0',
-  VERSION: '22.2.2',
+  VERSION: '22.2.4',
 };
\ No newline at end of file