id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
33522	Unexpected behaviour when logging in	Michael	nobody	"Say a user opens two tabs to the same site, both show the login page.

The user logs in on Tab A, does some things, after a while changes to Tab B, sees the login page, and instictively clicks login (their details pre-populated due to auto fill). They will then get a surprising CSRF error.

I thing this is because when they logged in on Tab A, it deleted the anonymous session, and replaced it with a new session, which means the CSRF token from Tab B fails.

Would it not be better to not delete the anomyous session when one logs in, or upgrade the session (instead of deleting it)?"	Bug	new	contrib.auth	4.0	Normal		authentication log in CSRF token		Unreviewed	0	0	0	0	0	0