@bruno You don’t have to set these session config options in your config, those are the default values anyway, so unless you change anything , this won’t make any difference.
Do you set any headers in config? See this thread: Invalid CSRF Token on Hepburn Theme Panel Installation