The refresh login dialogue is shown even if the session already timed out
There are several reasons why a backend session can expire. If this happens, the refresh login dialogue is shown for 30 seconds giving the user the option to "stay logged in" or "log out". But in case the session is already expired, clicking "stay logged in" does not have an effect an only shows the dialogue again with reset counter.
If the session is already expired, directly show the password dialogue.
This can be easily tested by deleting the be_typo_user cookie. Without the patch the progress bar is shown, with the patch you will see the password dialogue directly
(issue imported from #M17498)