This ‘confirm form resubmission’ is from your web browser, not from Tank Auth.
Some time ago someone coding a web browser realised that reposting is a big problem so they put in a warning to stop ppl double-posting and such.

I can think of 2 ways to avoid it.

1) Make the login ‘post’ into a ‘get’.
This is a BAD idea. cos your password is in the query string

2) In the auth controller redirect to an error display version of the login form on login fail instead of loading the login form view again.

basically you find a way to pass the error message to your login form via query string or session. the redirect to that page. Its pretty easy since tank auth uses language keys for errors.

I just tried it as a query string.. seems to work ok, but my tank auth is pretty heavily modified.

I added this to controllers/auth.php right after the part where it says //fail

redirect('auth/login/'.$errors['login']);

this takes the login error key generated by tank auth and passes it back to http://yoursite/auth/login as a query parameter.

then at the top of the login function I put this:

function login($error = ''){
    if ($error != '') {
        $data['errors']['login'] = $this->lang->line($error);
        $this->load->view('auth/login_form', $data);
    }

this code grabs the parameter if its there.. then grabs the appropriate line from your language file, then loads the login form.

note this will only handle ‘login’ errors. you will need to pass more query parameters to handle things like validation errors.

// edit
I thought I’d try the session way.. and its much neater.

this goes at the //fail spot

$this->session->set_flashdata('login_error', $this->lang->line($errors['login']));
redirect('/auth/login');

and something like this goes in views/auth/login_form.php instead of where the form_errors are.

<? if ( $this->session->flashdata('login_error') != '') {
    echo '<p style="color:#f00;">'.$this->session->flashdata('login_error').'</p>';
} ?>