Enforced 2FA - get otp-Token on Registration fails - Entered token is not valid #6260

Open
wsirhc opened this issue Jun 26, 2024 · 0 comments


wsirhc commented Jun 26, 2024

My Issue is quite similar to #4646 but somehow different.

During the registration process, seahub complains "Entered token is not valid" after scanning the TOTP QR code.
This issue is not reliably reproducible. In some registrations, the token is accepted instantly. In some cases, it's required to delete the session cookies and log in again. This is our current workaround, but many non-technical people complain about this issue.

Steps to reproduce:

  • Account is created, user gets the registration mail.
  • User logs in with username and password
  • User accepts GDPR Policy
  • User gets the 2FA QR-Code
  • User scans the QR-Code to obtain the Token (tried with Freeotp+ and Google Authenticator)
  • Either the User gets the recovery token list, or the message "Entered token is not valid"

I made sure that the OS system time is correct and synchronized.

Since it seems to have something to do with session cookies, is there anything that must be adjusted for cookie handling (seahub or nginx reverse proxy)?

System environment:

  • Seafile 11.0.9 CE in Kubernetes
  • Firefox 115.11.0esr, MS Edge 126.0.2592.68
  • Freeotp+, Google Authenticator