Refreshing results results in token mismatch error #13182

Closed
omega13a opened this issue Apr 12, 2017 · 8 comments

@omega13a

Steps to reproduce

  1. Submit a query
  2. After the results are displayed, hit refresh

Expected behaviour

It should refresh the results.

Actual behaviour

I get a message saying "Error: Token Mismatch" every single time.

Server configuration

Operating system: Fedora 24

Web server: nginx 1.11.13

Database: MariaDB 10.1.22

PHP version: 7.1.3

phpMyAdmin version: 4.7.0

Client configuration

Browser: Firefox 52.0.2

Operating system: Fedora 24

@nijel
Contributor
nijel commented Apr 12, 2017

I can't reproduce this. Did you wait some time before doing refresh? Also did you refresh by browser or by the link in phpMyAdmin?

@omega13a
Author

It happens to me every single time no matter how long I wait. I used the link in phpMyAdmin to refresh.

@limitusus

I faced a similar problem just after upgrading from v4.6.2 to v4.7.0.

I'm not familiar with phpMyAdmin, but it seems the token mismatch error happens when I send a POST request after logging in, to export a query result.

In my case it happens for a 781-byte query, while it does not happen for a 576-byte query.
In the former case a POST form is generated and a GET form is generated in the latter case.

And I confirmed no error happens when I bypassed token checks, by inserting

$token_mismatch = false;

in line 931, libraries/common.inc.php.

@Fenn-CS
Contributor
Fenn-CS commented Apr 13, 2017

Unfortunately I am unable to reproduce the error on 4.8.0-dev (latest stable 4.7.0)

@limitusus

I checked that even a simple query can reproduce this issue:

select 1 FROM plugins
WHERE
1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and
1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and
1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and
1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and
1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and
1=1
LIMIT 1;

does produce the "token mismatch" error,
while the same query with just one 1=1 and removed does not produce this error.

I explored the source code: Util::linkOrButton decides whether to use POST or GET for the "Export" and other links, and the query length above is the threshold in my environment.

BTW I checked the code and thought,

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (PMA_isValid($_POST['token'])) {
        $token_provided = true;
        $token_mismatch = ! hash_equals($_SESSION[' PMA_token '], $_POST['token']);
    }

    if ($token_mismatch) {
        /**
         * We don't allow any POST operation parameters if the token is mismatched
         * or is not provided
         */
        $whitelist = array('ajax_request');
        PMA\libraries\Sanitize::removeRequestVars($whitelist);
    }
}

requires a token key in the form parameters for every POST request, right?
I see no token key in the "Export" link form.

Of course the token key exists when a POST request is sent for SQL execution.

Might Util::linkOrButton not be inserting the token key when it creates the POST form?
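
The failure mode hypothesised in the comment above, as an added example that is not phpMyAdmin code and not part of the thread: a link helper that switches from a GET link to a POST form once the URL passes a length threshold has to carry the token as a form field, otherwise the POST-side check rejects the request. The function names, the 1000-character threshold, the `/example/export` path and the sample token are assumptions made for illustration.

```php
<?php
// Added illustration, not phpMyAdmin source. All names and values are hypothetical.
const MAX_GET_LENGTH = 1000; // assumed cut-over from plain link to POST form

/** Server side: a POST is accepted only if it carries the session token. */
function tokenMismatch(string $method, array $post, string $sessionToken): bool
{
    if ($method !== 'POST') {
        return false; // this sketch models only the POST branch quoted above
    }
    return !isset($post['token']) || !is_string($post['token'])
        || !hash_equals($sessionToken, $post['token']); // constant-time compare
}

/** Link builder: choose GET or POST and return [method, fields submitted]. */
function buildRequest(string $url, array $params, bool $copyAllParams): array
{
    $full = $url . '?' . http_build_query($params);
    if (strlen($full) <= MAX_GET_LENGTH) {
        return ['GET', $params];
    }
    // Long URL: emit a form instead. The buggy variant omits the token field.
    $fields = $copyAllParams ? $params : array_diff_key($params, ['token' => true]);
    return ['POST', $fields];
}

// Constructed sample data: one short query and one past the threshold.
$sessionToken = bin2hex(random_bytes(16));
$queries = [
    ['short', 'SELECT 1'],
    ['long', 'SELECT 1 FROM plugins WHERE ' . implode(' and ', array_fill(0, 200, '1=1'))],
];
$variants = [[false, 'token dropped'], [true, 'token kept']];

foreach ($queries as [$label, $sql]) {
    $params = ['sql_query' => $sql, 'token' => $sessionToken];
    foreach ($variants as [$copyAll, $variant]) {
        [$method, $fields] = buildRequest('/example/export', $params, $copyAll);
        $bad = tokenMismatch($method, $fields, $sessionToken);
        printf("%-5s query, %-13s: %-4s -> %s\n", $label, $variant, $method,
            $bad ? 'Error: Token Mismatch' : 'ok');
    }
}
```

Only the long query with the token field omitted fails, which matches the length-dependent behaviour reported in this thread; the remedy in such a helper is to keep the token in the generated form, not to relax the server-side check.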

@kzalewski

The "token mismatch" error is occurring for me even when I press the "Refresh" button in the Status tab. I can no longer refresh the process list. This happened after upgrading to 4.7.0.

devenbansod added a commit that referenced this issue Apr 18, 2017
Issue #13182
Specifically the error mentioned in the comment: #13182 (comment)

Signed-off-by: Deven Bansod <devenbansod.bits@gmail.com>
@JannemanDev

I also experience this issue right after my upgrade from 4.6.3 to 4.7.0. If I run a SQL statement and click on export results I get "Token mismatch". But only with bigger/more complex queries. Very simple ones work.

My token gets blank and inside common.inc.php it fails on
if (PMA_isValid($_POST['token'])) {
With the workaround
$token_mismatch = false;
after this if statement then it works again.

The commit from @devenbansod didn't fix this.

@nijel nijel self-assigned this Apr 28, 2017
@nijel nijel added the Bug label Apr 28, 2017
@nijel nijel added this to the 4.7.1 milestone Apr 28, 2017
@nijel nijel closed this as completed in 0f1c011 Apr 28, 2017
@limitusus
limitusus commented May 1, 2017

Looks fixed.
Looking forward to 4.7.1 release.
