Current behavior is expected behavior in 14.x release.
In 14.1 release we have implemented the Cross Site Request Forgery (CSRF). Anti-XSRF token error occurs when logged in user session invalidated.
This could occur
• when user directly posting information from external/untrusted sources
• user session might be ended due to other user login in the same machine with same browser.
In both the cases, security validation will fail and shows an error message which is a valid scenario.