invalid state when attempting to login #861
Description
I'm ok with closing this issue as unreproducable but I wanted to officially report I've had unexpected behavior from time to time attempting to login to webERP after updating code or restoring a database. I may have an open browser tab logged into webERP when this happens and have Apache http and MariaDb dbms servers running on my dev laptop.
When attempting to login, I can get a "bad username/password" notice or a "you're locked out" AI-generated page and cannot go further. Calling my administrator wouldn't help because the Locked flag in my user record isn't actually set. The solution has been to delete all third-party cookies for the localhost in my browser cache and then I can login.
So far as I understand, this should not be possible. If I understand correctly, it should be programatically impossible for a browser to get itself into this situation, and yet it does.
When does the separate "you're locked out" AI-generated page get triggered? I have triggered it myself, many times, and don't know why. I get the page on the first or at most 2nd attempt to login, and the locked out flag in the user record isn't set. Also it is likely related to a database and/or code update being done and being in the middle of a login session at the time (have an open browser window that hasn't timed out yet),
Why would I have to remove all third-party cookies for the server from my browser cache to recover access?