id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
33522	Unexpected behaviour when logging in	Michael	nobody	"Say a user opens two tabs to the same site, both show the login page.

The user logs in on Tab A, does some things, after a while changes to Tab B, sees the login page, and instinctively clicks login (their details pre-populated due to autofill). They will then get a surprising CSRF error.

I think this is because when they logged in on Tab A, it deleted the anonymous session, and replaced it with a new session, which means the CSRF token from Tab B fails.

Would it not be better to not delete the anonymous session when one logs in, or upgrade the session (instead of deleting it)?

Another idea is making the login view `csrf_exempt`, then we won't have these csrf errors."	Bug	new	contrib.auth	4.0	Normal		authentication log in CSRF token		Unreviewed	0	0	0	0	0	0
