Thanks for the feedback and helping out other customers!
This is a scenario I hadn’t anticipated! I’ve raised this GitHub Issue to make it easier to detect and fix this kind of situation: https://github.com/OctopusDeploy/Issues/issues/3481
As part of this I’ve added some extra steps to help diagnose this specific scenario: https://octopus.com/docs/reference/csrf-and-octopus-deploy
Hope that helps!
Thanks for getting in touch and looking through that documentation! Oh wow, I didn’t realise the cookie was being modified.
I’ve updated the guide accordingly.