
Answer by SilverlightFox for Advanced HTTP POST Protection?

Since you have a cookie named xsrf I would guess this is a cookie for CSRF protection.

If you look at the response from the GET request your software makes, is there a hidden field containing a token?

e.g. <input type="hidden" name="xsrfToken" value="123456" />

When your software makes the POST, it could be that the value of this hidden field is omitted or set to the incorrect value. It may need to be the same as the dynamic value retrieved in the GET request in order to validate the CSRF protection. Usually this value will be the same as the cookie (xsrf cookie in this case), or it will contain an encoded or encrypted version of it (or possibly the cookie will be an encoded encrypted version of the hidden field).
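The check described in the answer above, as an added example that is not part of the original answer: a client echoes the hidden field from the GET response into its POST, and a server accepts the POST only when that field matches the cookie. It assumes the plain double-submit variant (field equals cookie); the names `xsrfToken` and `xsrf` come from the answer, while the form, the `comment` field and all function names are hypothetical.

```python
import hmac
from html.parser import HTMLParser
from urllib.parse import urlencode, parse_qs

# Constructed sample data (not from the original question): a GET response
# that sets an xsrf cookie and embeds the same value in a hidden field.
GET_COOKIES = {"xsrf": "123456"}
GET_BODY = """<form method="post" action="/submit">
  <input type="hidden" name="xsrfToken" value="123456" />
  <input type="text" name="comment" />
</form>"""

class HiddenFields(HTMLParser):
    """Collect name/value pairs of every <input type="hidden">."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_hidden = (a.get("type") or "").lower() == "hidden"
        if tag == "input" and is_hidden and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def hidden_fields(html):
    parser = HiddenFields()
    parser.feed(html)
    parser.close()
    return parser.fields

def build_post_body(html, user_fields):
    """Client side: echo every hidden field from the GET, then add user data."""
    data = hidden_fields(html)
    data.update(user_fields)
    return urlencode(data)

def server_accepts(cookies, post_body, field="xsrfToken", cookie="xsrf"):
    """Server side (assumed double-submit check): field must equal the cookie."""
    sent = parse_qs(post_body).get(field, [""])[0]
    expected = cookies.get(cookie, "")
    # Constant-time comparison; an absent cookie or field is always rejected.
    return bool(expected) and hmac.compare_digest(sent.encode(), expected.encode())
```

A POST built with `build_post_body` from a fresh GET passes `server_accepts`; one that omits the field or reuses a value from an earlier session does not.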

