A good explanation of this topic is in http://www.sunburst-design.com/papers/CummingsSNUG1999SJ_SynthMismatch.pdf
I have analyzed that ratio of getting TokenMismatch Error is very high. And this error occurs because of some silly mistakes. There are many reasons where developers are making mistakes. Here are some of the examples i.e No _token on headers, No _token passed data when using Ajax, permission issue on storage path, an invalid session storage path.