﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
21704	Csrf verification fails for unlogged users with multiple tabs opened	mimino.coder@…	Mimino	"Here is the scenario (we are using 2 tabs, A and B):

1. (in tab A): As a user who is not logged in, open the login page. The CSRF token is set to some value.
2. (in tab B): Don't log in to the site yet, but open the login page in a new tab. The CSRF token is now the same in both tabs.
3. (in tab B): Log in to the site. The CSRF token is set for a logged-in user to some new value.
4. (in tab B): Log out of the site. The CSRF token is rotated and set to a new value for a user who is not logged in.
5. (in tab A): Try to log in to the site. Bam - 403! The problem is, the login form still contained the old CSRF token.

Is this the intended behavior of CSRF rotation? If yes, how to handle it in a user-friendly manner?"	Bug	closed	CSRF	1.6	Normal	worksforme	csrf		Unreviewed	0	0	0	0	0	0
