akissa
commented
10 years ago This is the correct approach to handle this, there is no way to determine that it is a login as opposed to a user trying to access the url deliberately. We will add a link to take them to the home page that they can click on.
when you are as admin at some menu where a normal user does not have access to (example /settings/ms) and you click logout you see the login window. when you login as normal user you receive a 403 forbidden. This is correct, but since user-login itself was successful i would expect a redirect to /