TYPO3 Core

Hi,

when a valid backend session expires the following login refresh form using a valid password fails with the default error message notice "Password not correct".

Further debuggings at that state shows, that the function isAuthorizedBackendSession in \TYPO3\CMS\Backend\AjaxLoginHandler::loginAction returns null because the properties $GLOBALS['BE_USER']->user of an existing $GLOBALS['BE_USER'] object are null.

In order to test that case, you can expire your backend session and then try to login.