User log in failure #1201

Open
nikyraja opened this issue Feb 4, 2025 · 3 comments

Comments

@nikyraja
Contributor

nikyraja commented Feb 4, 2025

A user has reported issues of not being able to log into the platform:

"1. I got onto platform
2. My usercode and password already in
3. I do the captcha thing
4. I put in authentication code

Then I get this message

Image

So then I close it down and do it again. Usually have to do it 2-3 times. But now having to do the whole process any number of times up to 10 to get in."

I have emailed @mbarton and @eatyourpeas the user details to investigate further.

@mbarton
Member

mbarton commented Feb 4, 2025

Thanks @nikyraja. This is the same problem as #1020. Now that we've got a user who hits this regularly, hopefully we can understand more about why it happens and fix it.

We will look through the logs to see if there's anything helpful and, if not, probably ask to go back to the user directly to show us what happens if they're willing.

@nikyraja
Contributor Author

nikyraja commented Feb 4, 2025

Thanks Michael! The user was keen to have a call and demo the problem, so I can help arrange this once you've had a look.

@mbarton
Member

mbarton commented Feb 6, 2025

Thanks! Just noting down my thoughts on how to investigate this - we probably won't get to it until next week at least

  • Trace the user through the logs - do the requests look the same as when we log in ourselves?
  • Check we are logging all CSRF validation errors from the built-in Django middleware
  • Add a custom middleware (only in staging) that logs CSRF tokens inbound and outbound alongside URLs
    • We would probably register the user in staging and ask them to log in during a call with us
    • This gives us hopefully more detailed telemetry to diagnose the problem if it's not immediately apparent from watching them or looking at the network inspector on their machine
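
A sketch of the staging-only CSRF logging middleware proposed in the comment above, as an added example that is not part of the original thread or the project's code. It logs a short fingerprint of each token's unmasked secret rather than the raw token, so a stale or rotated token shows up as a mismatch without the token itself reaching the logs. It assumes Django's default `csrftoken` cookie, `csrfmiddlewaretoken` form field and `X-CSRFToken` header; `CsrfTraceMiddleware` and the `csrf_trace` logger are hypothetical names.

```python
import hashlib
import logging
import string

logger = logging.getLogger("csrf_trace")      # hypothetical logger name
CHARS = string.ascii_letters + string.digits  # Django's CSRF token alphabet
SECRET_LEN = 32                               # Django's CSRF secret length


def secret_of(token):
    """Return the secret behind a plain (32-char) or masked (64-char) token."""
    if not token or any(c not in CHARS for c in token):
        return None
    if len(token) == SECRET_LEN:
        return token
    if len(token) != 2 * SECRET_LEN:
        return None
    mask, cipher = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(CHARS[CHARS.index(c) - CHARS.index(m)] for c, m in zip(cipher, mask))


def fingerprint(token):
    """Short SHA-256 prefix of the secret, so raw tokens never reach the logs."""
    secret = secret_of(token)
    return hashlib.sha256(secret.encode()).hexdigest()[:12] if secret else None


class CsrfTraceMiddleware:
    """Hypothetical middleware; list it in the staging settings' MIDDLEWARE only."""

    def __init__(self, get_response):
        self.get_response = get_response

    def describe(self, request, response):
        cookie_in = fingerprint(request.COOKIES.get("csrftoken"))
        submitted = fingerprint(request.POST.get("csrfmiddlewaretoken")
                                or request.META.get("HTTP_X_CSRFTOKEN"))
        morsel = response.cookies.get("csrftoken")
        return {
            "method": request.method, "path": request.path, "status": response.status_code,
            "cookie_in": cookie_in, "submitted": submitted,
            "match": submitted == cookie_in if submitted else None,
            "cookie_out": fingerprint(morsel.value) if morsel else None,
        }

    def __call__(self, request):
        response = self.get_response(request)
        logger.info("csrf_trace %s", self.describe(request, response))
        return response
```

A POST logged with `match: False`, or a `cookie_out` that differs from the `cookie_in` of the user's next request, points at a token that changed between the form being rendered and submitted.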
