Logging in at protected page link/URL doesn't forward user to page after successful login

I have a page that is restricted via permissions to a specific user group. When clicking a link to that page, visitors who aren’t logged in are forwarded to the login screen (as expected). After submitting the correct credentials, it appears as if nothing happens and the user is left on the login page. Submitting login credentials again results in the login page refreshing with the “Invalid form token. Please reload this form and submit again” message and a message informing the user they are already logged in. The behavior is the same if attempting to access the page directly via the URL.

Looking at the network activity when submitting the login credentials, there is a POST to /login/authenticate/concrete, followed by a GET to /login/login_complete, but then nothing else happens. Normally, on a normal successful login, that POST and GET are followed by another GET to the URL of whatever page is set in the CMS as the login destination (for example, the homepage), but this second GET request never happens when trying to log in to the restricted page; it just sits on the login page and nothing further happens, even though the credentials have been submitted, accepted, and the user is technically logged in.

One further interesting point is that this only seems to happen on Chromium-based browsers, as logging in to the restricted page directly via Firefox has no issues whatsoever.

Any idea what is going on here? This behavior does not happen when normally logging into the CMS via the /login URL; this only happens when a user is attempting to log in via a link/URL to a restricted page on the site.

I have just had a client mention this but it only seems to be on mobile for them?

On desktop the page redirects to the home page; on mobile it just stays on the login page, but with this invalid token error, as you are already logged in.

This is v9.2

For me this is happening on 8.5.12. Desktop or mobile makes no difference for the affected browsers (Chromium-based), and so far Firefox is exempt from the issue entirely.

I still haven’t been able to track down what could possibly be going wrong here. If it is just a simple login directly via the /login page, no issues whatsoever. If the login is prompted because a user is trying to view a restricted page, then the problem happens.

Hi @dustykeychain - does this occur when you set it up on a demo site here?
https://community.concretecms.com/get-concrete-site

No, the login to the restricted page works as expected, and the user is redirected to that login-restricted page after successful login. That said, the issue I am experiencing is on v8.5.12, so not sure if this is comparable, but thank you for pointing me in a direction to conduct another test.