I'm using PMA 4.1.4, PHP 5.5 and been having this issue since the release of PMA 4.x.
I'm using HTTP authentication, and whenever my SESSION expires (whether after some idle period or by deleting the phpmyadmin SESSION cookie), clicking on anything triggers a "Error: Token Mismatch" error, which can only be fixed by clearing the URL (removing the hashtag) and reloading the page (so a new token is generated).
This is VERY annoying, because whenever my SESSION expires I have to change the URL and reload PMA, which makes no sense since I'm still HTTP authenticated.
IMHO, when PMA gets a token mismatch, it should check if the HTTP auth info is still correct, and if it is, update the token and move on like nothing happened...
Steps to reproduce:
1) Use HTTP auth on settings
2) Sign in to PMA
3) Expire your SESSION (leaving PMA go idle for a while or deleting the phpmyadmin SESSION cookie)
4) Click anywhere (try to browse, show structure, change DB, anything really)
5) Notice the "Error: Token Mismatch" error and how you can only get rid of it by clearing the URL and reloading the page