Bug #84991
Updated by Markus Klein almost 6 years ago
This is due to a wrong condition in the LoginController.
A bit of history:
Before the new BE login API was introduced with v7 the condition in LoginController:checkRedirect was
@if (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) { // do the redirect stuff@
This condition was furthermore later documented in the phpdoc header of the function.
Over time this condition has been adjusted (falsely improved) multiple times, up until recently, where we got back to
@if (empty($this->getBackendUserAuthentication()->user['uid']) || (!($this->isLoginInProgress($request) || $this->loginRefresh))) { return; }@
as a guard clause.
The only difference between the v6 and v9 code is the @$this->interfaceSelector@ member.
While the condition worked correctly in v6 it does not work in v9.
The reason is hidden within @$this->interfaceSelector@, which was only set if @$this->isLoginInProgress() == true@.
So the v6 condition could actually be sort of
@if (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->isLoginInProgress())) { // do the redirect stuff@
making the second part of the conjunction always @true@.
Consequently, the condition is therefore only dependent on a BE user being present.
In contrast, the condition in v9 does not reflect this fact anymore as the @$this->interfaceSelector@ part was removed while refactoring the code during v7 development.