We recently completed a Magento CE upgrade from 1.6 to 1.8.1 and had a problem that customers we unable to log into their account dashboard.
The Login button just looped back to the log in page – no error message was displayed.
The issue is due to the custom login form does not containing a form_key and there is a form key validation happening in loginPostAction, so here is the fix:
1) Navigate to your_template/customer/form/login.phtml & template/persistent/customer/form/login.phtml
2) Look under the line : <code><ul class=”form-list”></code>
3) Add the following line of code:
<input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey(); ?>" />
As with any ‘fix’ like this make sure you have a local & online copy of the file you are editing.
To test this you will need to clear the Magento Cache and test in a Private Window or Incognito window