diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php
index 8b68ca486ff6fc19d1c37d6b5c2634c5419214f7..350694dca815995e6a7f06ca6d66f38d52abb47d 100644
--- a/lib/private/appframework/http/request.php
+++ b/lib/private/appframework/http/request.php
@@ -350,7 +350,6 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 	/**
 	 * Checks if the CSRF check was correct
 	 * @return bool true if CSRF check passed
-	 * @see OC_Util::$callLifespan
 	 * @see OC_Util::callRegister()
 	 */
 	public function passesCSRFCheck() {
diff --git a/lib/private/util.php b/lib/private/util.php
index 46a6171633372bc9bc519015c1a9abee53f92701..5097174ac110284b4f7671e125f46878ffdb8a02 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -896,29 +896,14 @@ class OC_Util {
 		return $id;
 	}
 
-	/**
-	 * Static lifespan (in seconds) when a request token expires.
-	 *
-	 * @see OC_Util::callRegister()
-	 * @see OC_Util::isCallRegistered()
-	 * @description
-	 * Also required for the client side to compute the point in time when to
-	 * request a fresh token. The client will do so when nearly 97% of the
-	 * time span coded here has expired.
-	 */
-	public static $callLifespan = 3600; // 3600 secs = 1 hour
-
 	/**
 	 * Register an get/post call. Important to prevent CSRF attacks.
 	 *
-	 * @todo Write howto: CSRF protection guide
 	 * @return string Generated token.
 	 * @description
 	 * Creates a 'request token' (random) and stores it inside the session.
 	 * Ever subsequent (ajax) request must use such a valid token to succeed,
 	 * otherwise the request will be denied as a protection against CSRF.
-	 * The tokens expire after a fixed lifespan.
-	 * @see OC_Util::$callLifespan
 	 * @see OC_Util::isCallRegistered()
 	 */
 	public static function callRegister() {
@@ -938,7 +923,6 @@ class OC_Util {
 	 * Check an ajax get/post call if the request token is valid.
 	 *
 	 * @return boolean False if request token is not set or is invalid.
-	 * @see OC_Util::$callLifespan
 	 * @see OC_Util::callRegister()
 	 */
 	public static function isCallRegistered() {
@@ -948,7 +932,6 @@ class OC_Util {
 	/**
 	 * Check an ajax get/post call if the request token is valid. Exit if not.
 	 *
-	 * @todo Write howto
 	 * @return void
 	 */
 	public static function callCheck() {