Did you solve your error? We experience the same problem from time to time.
I suspect it to be related with CSRF and in our case with an DNS alias. The client request the page from x.mycompany.com but the server has an other internal name, answering with y.mycompany.com.
A System Rename could maybe fix that, but for now I was afraid to go down that road.
You could also check if disabling CSRF on node "/default_host/sap/opu/odata/ui2/interop" (~CHECK_CSRF_TOKEN = 0 in GUI Configuration) would eliminate your problem. However, that would probably not be advisable for production use.
Let me know if you have any other findings regarding this problem.
Cheers
Jens