I have this problem too. Unfortunately, most of the discussion in this thread is too technical for me. I dont’ know what most of it means. Although I see some reference to the referrer header.
I used to use a Firefox plugin that blocks the referrer header. But I’ve switched to SeaMonkey, which as of yet, does not have such a plugin. But I still get the error anyway.
However, I did find a way around the problem (clearly by luck!).
When I see the login page, the URL in browser address field is twice longer than the field. Huge string of url and I have no idea what most of it means. But if I change the address to just the raw page address (such as h…ps://mydomain.com/stats) then I’m allowed to log in.
Can someone explain in a simple way, how I can fix this? Even with the lucky workaround, it still would be nice to just log in.
Thanks 
Edit - note that I’m still using 2.15 - would upgrade fix it?