diff --git a/django/website/hid/tests/login_tests.py b/django/website/hid/tests/login_tests.py
new file mode 100644
index 0000000000000000000000000000000000000000..09195b61c888da7a837d56fe87223e70253aa9e9
--- /dev/null
+++ b/django/website/hid/tests/login_tests.py
@@ -0,0 +1,37 @@
+from __future__ import unicode_literals, absolute_import
+
+import pytest
+
+from django.core.urlresolvers import reverse
+from django.test import Client
+from django.utils.six.moves.urllib.parse import urlsplit
+
+from users.models import User
+
+@pytest.mark.django_db
+def test_user_directed_to_login_page_when_csrf_error():
+    username = 'william'
+    password = 'passw0rd'
+
+    User.objects.create_user(username, 'william@example.com', password)
+
+    client = Client(enforce_csrf_checks=True)
+    data = {'username': username,
+            'password': password,
+            'csrfmiddlewaretoken': 'notavalidtoken'}
+    response = client.post(reverse('login'),
+                           data=data, follow=True)
+
+    assert hasattr(response, 'redirect_chain')
+    assert len(response.redirect_chain) > 0, "Response didn't redirect"
+
+    assert response.redirect_chain[0][1] == 302
+    url, _ = response.redirect_chain[-1]
+    scheme, netloc, path, query, fragment = urlsplit(url)
+    assert path == reverse('login')
+
+    url, _ = response.redirect_chain[-2]
+    scheme, netloc, path, query, fragment = urlsplit(url)
+    assert path == reverse('dashboard')
+
+    assert response.status_code == 200
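Review bot: The property that matters most here, that valid credentials posted with a bad token do not create an authenticated session, is only implied by the final redirect to the login page. An explicit check after the POST, such as `assert '_auth_user_id' not in client.session`, would pin it directly and would still hold if the dashboard's access rules change later. Separately, the guard `len(response.redirect_chain) > 0` is weaker than what the test then indexes: `response.redirect_chain[-2]` needs at least two entries, so `assert len(response.redirect_chain) >= 2, "Expected dashboard then login redirect"` gives a readable failure instead of an IndexError.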
diff --git a/django/website/hid/views.py b/django/website/hid/views.py
index bce3045d9604d0b1ce754b9a39723bf3873a60ee..30033a6f93942a1dd361f46ad2fb21bd1297b6ed 100644
--- a/django/website/hid/views.py
+++ b/django/website/hid/views.py
@@ -1,4 +1,5 @@
 from django.contrib import messages
+from django.contrib.auth.views import login
 from django.core.urlresolvers import reverse
 from django.http import HttpResponseRedirect
 from django.utils.translation import ugettext as _
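Review bot: The `login` name imported by `from django.contrib.auth.views import login` is not referenced by `csrf_failure` or by any other line visible in this diff. If nothing else in views.py uses it, the import should be dropped. An unused import of the auth login view in a module that handles CSRF failures suggests a wrapping of the login view that is not actually there.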
@@ -220,3 +221,13 @@ def process_items(request):
             messages.error(request, _('Unknown action'))
 
     return HttpResponseRedirect(redirect_url)
+
+
+def csrf_failure(request, reason=''):
+    # If the user presses the back button in the browser to go back to the
+    # login page and logs in again, they will get a CSRF error page because
+    # the token will be wrong.
+    # We override this with a redirect to the dashboard, which if not already
+    # logged in, will redirect to the login page (with a fresh token).
+
+    return HttpResponseRedirect(reverse('dashboard'))
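Review bot: `csrf_failure` is registered through the global `CSRF_FAILURE_VIEW` setting, so it replaces the 403 for every CSRF-rejected request on the site, not only the login form that the comment describes. A rejected POST to any other view, `process_items` included, now gets a 302 to the dashboard with no indication to the user that the submission was discarded, and script or AJAX clients see a redirect instead of an error status. I would limit the redirect to the login path and keep Django's default response elsewhere: import the stock view with `from django.views.csrf import csrf_failure as default_csrf_failure`, then add `if request.path != reverse('login'):` followed by `return default_csrf_failure(request, reason=reason)` before the redirect. The explanatory comment would also read better as the function's docstring, with a line noting that `reason` is deliberately not shown to the user.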
diff --git a/django/website/settings.py b/django/website/settings.py
index 3493ef3b7112ddbdcfb56c864ce5e7ffad5cf557..96f2f289b9e81a2e8dc5e925aec4b31d983ca6fc 100644
--- a/django/website/settings.py
+++ b/django/website/settings.py
@@ -390,5 +390,6 @@ else:
     )
 ########## END TEMPLATE CONFIGURATION
 
+CSRF_FAILURE_VIEW = 'hid.views.csrf_failure'
 
 ########## Your stuff: Below this line define 3rd party libary settings