Details
Description
When attempting to log in to Blesta, the session is regenerated each time. However, it should only regenerate on a successful log in.
This has the adverse effect of changing CSRF tokens (because they're based on the session), and so any AJAX requests to log in that do not reload the page are unable to make POST requests because the CSRF token is outdated. This occurs, for instance, on the AJAX/Wizard templates of the Order plugin.