The most likely explanation is that the user has spent more than 5 minutes on the logon page.
When opening the ICF System Logon page, an XSRF cookie is issued which is valid for 5 minutes, due to security reasons. If more than 5 minutes is spent on the logon page, the message "Logon cookie check failed; repeat logon" is issued. After reloading the logon page, it should be possible to log on to the system.
This is a security feature, that can be deactivated in the System Logon settings of the relevant ICF service.
To deactivate the XSRF Protection, follow the below steps:
1. Open the detail view of the relevant service in the transaction SICF
2. Go to the tab "Error Pages" / "Logon Errors"
3. Click the button "Configuration"
4. Set the flag "Deactivate Login XSRF Protection"