diff --git a/mwclient/client.py b/mwclient/client.py
index 4f03903b94ee23894b01aeca72abb670da1fa9f1..e0816b17e7e61956461dcf97146f7866cee41cb8 100644
--- a/mwclient/client.py
+++ b/mwclient/client.py
@@ -482,6 +482,8 @@ class Site(object):
                 'lgname': self.credentials[0],
                 'lgpassword': self.credentials[1]
             }
+            if self.version[:2] >= (1, 27):
+                kwargs['lgtoken'] = self.get_token('login')
             if self.credentials[2]:
                 kwargs['lgdomain'] = self.credentials[2]
             while True:
@@ -502,7 +504,7 @@ class Site(object):
         if self.version[:2] >= (1, 24):
             # The 'csrf' (cross-site request forgery) token introduced in 1.24 replaces
             # the majority of older tokens, like edittoken and movetoken.
-            if type not in {'watch', 'patrol', 'rollback', 'userrights'}:
+            if type not in {'watch', 'patrol', 'rollback', 'userrights', 'login'}:
                 type = 'csrf'
 
         if type not in self.tokens:
diff --git a/tests/test_client.py b/tests/test_client.py
index 4e4c32806c614acce17b4cfcf693c8bce682829a..caaa88105d8fff30cdc61f26f3c75856cbd105bf 100644
--- a/tests/test_client.py
+++ b/tests/test_client.py
@@ -366,6 +366,33 @@ class TestClientApiMethods(TestCase):
         assert call_args[1] == mock.call('login', 'POST', lgname='myusername', lgpassword='mypassword')
         assert call_args[2] == mock.call('login', 'POST', lgname='myusername', lgpassword='mypassword', lgtoken=login_token)
 
+    def test_login_flow_2(self):
+
+        login_token = 'abc+\\'
+        self.site.version = (1, 29, 0, '-wmf', 21)
+
+        def side_effect(*args, **kwargs):
+            if kwargs.get('meta') == 'tokens':
+                return {
+                    'query': {'tokens': {'logintoken': login_token}}
+                }
+            else:
+                assert kwargs['lgtoken'] == login_token
+                return {
+                    'login': {'result': 'Success'}
+                }
+
+        self.api.side_effect = side_effect
+
+        with mock.patch('mwclient.client.Site.site_init'):
+            self.site.login('myusername', 'mypassword')
+
+        call_args = self.api.call_args_list
+
+        assert len(call_args) == 3
+        assert call_args[1] == mock.call('query', 'POST', meta='tokens', type='login')
+        assert call_args[2] == mock.call('login', 'POST', lgname='myusername', lgpassword='mypassword', lgtoken=login_token)
+
 
 class TestClientUploadArgs(TestCase):