Login/ Logout was not possible after introducing the locking in #24790
The backend formprotection relies on the possibility to store the tokens in the user session. This is not the case, if a user did not yet login (the login screen). Since the login screen also uses the template object and the persistToken calls were moved to this place, we need do decide whether to validate and store tokens or not.
Check if we have a valid BE_USER session and if not provide a dummy object, which implements the same interface.
(issue imported from #M17305)
Updated by Ernesto Baschny about 10 years ago
This has been solved already in trunk, right?
Check if rev. 10302 is ok for you.