Failed login attempt from own router

There seem to be multiple issues related to logins that continue to be a problem in 2021.5.0, possibly constrained to specific plugins in the UI at the time. Is there a GitHub discussion for this?

It seems in my case that a cookie or token expired and a cached UI obliviously and repeatedly tried to authenticate or use it invalidly.
Connection attempts were made by an idle browser client every 4 seconds for a period of over 12 hours for almost twelve thousand attempts.

The external IP of an authenticated Chrome client, left idle and connecting through caddy-docker-proxy to Home Assistant (using authenticated proxies and X-Forwarded-For IP banning), was logged making exactly 7 invalid attempts in a second, roughly every minute, multiple times.

This same idle browser was able to connect to the UI without reauthenticating after an IP ban removal and a restart of the Home Assistant container (a config reload likely would have sufficed), followed by refreshing the browser.

Perhaps this can be fixed globally by ignoring unauthenticated/invalid connections and only logging a connection using a unique invalid credential combo as a login attempt.

2 Likes
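The suggestion in the post above, counting only distinct invalid credentials per source IP as login attempts, sketched as an added example that is not part of the thread and not Home Assistant's code. `UniqueFailureTracker`, its threshold and the sample events are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class UniqueFailureTracker:
    """Hypothetical ban counter: an IP is banned after `threshold` DISTINCT bad credentials."""

    def __init__(self, threshold=5):
        self.threshold = threshold
        self._key = secrets.token_bytes(32)  # per-process key, so raw credentials are never stored
        self._seen = defaultdict(set)        # ip -> fingerprints of credentials that failed
        self.banned = set()

    def _fingerprint(self, credential):
        return hmac.new(self._key, credential.encode(), hashlib.sha256).digest()

    def record_failure(self, ip, credential):
        """Record one failed authentication; return True if the IP is banned afterwards."""
        if ip in self.banned:
            return True
        # A stale token replayed by an idle tab adds the same fingerprint again: no change.
        self._seen[ip].add(self._fingerprint(credential))
        if len(self._seen[ip]) >= self.threshold:
            self.banned.add(ip)
        return ip in self.banned

    def unique_failures(self, ip):
        return len(self._seen.get(ip, ()))


def replay_constructed_events():
    """Feed constructed events: one idle browser and one client guessing passwords."""
    tracker = UniqueFailureTracker(threshold=5)
    # Constructed: cached UI resending one expired token about twelve thousand times.
    for _ in range(12000):
        tracker.record_failure("203.0.113.7", "expired-token-constructed")
    # Constructed: a client presenting a different invalid password on each attempt.
    for guess in ["guess-1", "guess-2", "guess-3", "guess-4", "guess-5"]:
        tracker.record_failure("198.51.100.9", guess)
    return tracker


if __name__ == "__main__":
    t = replay_constructed_events()
    print("idle browser unique failures:", t.unique_failures("203.0.113.7"))
    print("banned:", sorted(t.banned))
```

Because counting stops once an IP is banned, each per-IP set holds at most `threshold` fingerprints, so a flood of failures cannot grow memory without bound.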

Perhaps this can be fixed globally by ignoring unauthenticated/invalid connections and only logging a connection using a unique invalid credential combo as a login attempt.

I totally agree with this, I get too many router bans for no reason too :confused:

So I had this issue, failed login attempts from my router IP. I found that in my case the trigger was using the MPD addon to play media. It seems to happen only with locally hosted mp3 files, no external radio stations. The audio plays just fine though. I use DuckDNS to access my HA externally. Does anyone know a way it could be fixed (without exposing my router)?