The web interface has terrible connection issues with the backend. Sometimes this happens every few seconds and I have to reload the web interface. In the console of the browser I see a lot of Failed to load resource: the server responded with a status of 403 (Forbidden) errors.
It seems that your guess is correct and the issue was caused by a plugin. I used Cookie AutoDelete which removes cookies after a website is closed. After adding an exception for localhost it works fine so far. Nevertheless it is a strange issue. The plugin only deletes cookies if the website is closed. The CSRF-Token was still present when those errors occur.