Comment 1 for bug 1801620

kaputtnik (franku) wrote :

Thanks for your bug report.

I can confirm this with these steps (Opera):

1. Log out
2. Close additional browser tabs where the website is shown; leave 1 tab with the website open.
3. Open the website in an additional tab and log in here
4. Switch to the other tab (showing not logged in) and try to search with the form in the navigation bar

The problem is that the csrf-token cookie is updated in step 3 (login). Sending a request through the browser tab (showing not logged in) then uses the old csrf value.

I guess the underlying problem is that the view used in the navigation bar uses a redirect.
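
An added example, not part of the comment above and not the website's own code: a minimal double-submit CSRF model that replays steps 2 to 4 with one cookie jar shared by two tabs. The `Site` class, the `csrftoken` cookie name and the rotate-on-login behaviour are assumptions chosen to match the description in the comment.

```python
import hmac
import secrets


class Site:
    """Simplified double-submit CSRF check (assumed model, not the real site)."""

    def render_page(self, jar):
        # Issue a token cookie if the browser has none, and embed the
        # same value in the page's search form as a hidden field.
        jar.setdefault("csrftoken", secrets.token_hex(16))
        return {"form_token": jar["csrftoken"]}

    def login(self, jar):
        # Assumption: the token cookie is replaced on login, as the
        # comment describes for step 3.
        jar["csrftoken"] = secrets.token_hex(16)
        jar["session"] = "logged-in"
        return self.render_page(jar)

    def post_search(self, jar, form_token):
        # The POST is accepted only if the hidden field matches the cookie.
        cookie = jar.get("csrftoken", "")
        return 200 if hmac.compare_digest(cookie, form_token) else 403


def reproduce():
    site = Site()
    jar = {}  # cookies are per browser, so both tabs share this jar

    tab1 = site.render_page(jar)   # step 2: one tab open, logged out
    tab2 = site.login(jar)         # step 3: log in from a second tab

    # Step 4: tab 1 still holds the form rendered before the login.
    stale = site.post_search(jar, tab1["form_token"])
    fresh = site.post_search(jar, tab2["form_token"])

    # Re-rendering tab 1 picks up the current cookie value again.
    reloaded = site.post_search(jar, site.render_page(jar)["form_token"])
    return stale, fresh, reloaded


if __name__ == "__main__":
    print(reproduce())
```

In this model the stale tab is rejected while the tab that logged in, and the first tab after a reload, are accepted.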