Originally reported on bug 5953.
It's possible to click the Login button several times (e.g. doing a double click) and having the server create multiple sessions. Ideally we want to make sure that the current transaction is done before we allow the user to start another.
Note that this is still an issue even if bug 5953 is fixed. On a system which allows multiple sessions you still don't want to have users accidentally create extra sessions they don't know about.
Bug 5953 also has a quick and dirty patch for this which could be used as a basis for a proper fix.
The login button is now disabled after submitting the login form.
Works well. Tested in Firefox, Chrome, Safari, IE and Edge.
 The UI doesn't update in Safari once you've clicked, so you don't see it as disabled. It is properly disabled though.