Interesting news on this: I increased the logging level to 4 (everything), and that didn't help much (apart from "CSRF cookie sent" there was no useful info there. But along the way, I accidentally found out that if I try to login, hit the error, go to the login screen again and logged in, it worked! I then repeated the process two more times on Edge, and once o IE.
I'm not sure what this means yet, but now I'm definitely convinced it's browser-related. It almost sounds like Edge and IE are caching the CSRF tokens from a previous login or something. Any ideas?