diff --git a/isomorphe/app.py b/isomorphe/app.py
index 2fa3731..b14c658 100644
--- a/isomorphe/app.py
+++ b/isomorphe/app.py
@@ -70,6 +70,10 @@ def login():
         gn_info = migrator.gn.info()
     except (requests.exceptions.RequestException, GeonetworkConnectionError) as e:
         flash(f"Problème d'authentification ({e})", "error")
+        # still record the login info for the next try
+        session["url"] = url.rstrip("/")
+        session["username"] = username
+        session["password"] = password
         return redirect(url_for("login_form"))
     else:
         authenticated = gn_info.get("me", {}).get("@authenticated", "false") == "true"
diff --git a/isomorphe/geonetwork.py b/isomorphe/geonetwork.py
index 7515cd3..6d72fc2 100644
--- a/isomorphe/geonetwork.py
+++ b/isomorphe/geonetwork.py
@@ -92,12 +92,15 @@ def authenticate(self):
             raise GeonetworkConnectionError(
                 f"Redirection détectée vers {r.headers['Location']}. Merci d'utiliser l'URL canonique du serveur."
             )
-        xsrf_token = r.cookies.get("XSRF-TOKEN")
-        if xsrf_token:
-            self.session.headers.update({"X-XSRF-TOKEN": xsrf_token})
-            log.debug(f"XSRF token: {xsrf_token}")
-        else:
-            raise GeonetworkConnectionError("Impossible de récupérer le token XSRF")
+        # if the POST above failed, we need the XSFR-TOKEN to proceed further
+        # if it did not, (username, password) basic auth should be enough
+        if not r.ok:
+            xsrf_token = r.cookies.get("XSRF-TOKEN")
+            if xsrf_token:
+                self.session.headers.update({"X-XSRF-TOKEN": xsrf_token})
+                log.debug("XSRF token found")
+            else:
+                raise GeonetworkConnectionError("Impossible de récupérer le token XSRF")
 
     def _get_md_type(self, md: dict) -> MetadataType:
         return MetadataType(md.get("isTemplate", MetadataType.METADATA))