TYPO3 Core

This is due to a wrong condition in the LoginController.

A bit of history:

Before the new BE login API was introduced with v7 the condition in LoginController:checkRedirect was
if (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) { // do the redirect stuff

This condition was furthermore later documented in the phpdoc header of the function.
Over time this condition has been adjusted (falsely improved) multiple times, up until recently, where we got back to
if (empty($this->getBackendUserAuthentication()->user['uid']) || (!($this->isLoginInProgress($request) || $this->loginRefresh))) { return; }
as a guard clause.

The only difference between the v6 and v9 code is the $this->interfaceSelector member.
While the condition worked correctly in v6 it does not work in v9.

The reason is hidden within $this->interfaceSelector, which was only set if $this->isLoginInProgress() == true.
So the v6 condition could actually be sort of
if (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->isLoginInProgress())) { // do the redirect stuff
making the second part of the conjunction always true.
Consequently, the condition is therefore only dependent on a BE user being present.

In contrast, the condition in v9 does not reflect this fact anymore as the $this->interfaceSelector part was removed while refactoring the code during v7 development.