CakePHP authentication breaking after an incorrect login

I have a simple login form, username and password. Basically, When a user is anywhere on the website, he can click a link that will take him to the login page. After login, he is redirected to the page he came from initially.

The problem:

let's say I was in the "/posts" page, and I clicked to login, so now I am on "/users/login".
- if the login is correct, or the login is incorrect and nothing is filled in the username textbox, everything works as expected (if it's correct I am redirected back to "/posts" otherwise I receive the "wrong username or password" message, I try to login again correctly and then I am redirected to "/posts";

  • if the login is incorrect, and some text is filled in the username textbox, after the login I receive the "wrong username or password" message, which is good, but if I fill in the form again, no matter wheather it is correct or not, I get "You are not authorized to access that location." If I try to log for the third time, the login works, but I am redirected to "/users/posts" instead of "/posts" (the value for the redirect page, which is stored in a session, is still "/posts" ).

This is the code:

    function beforeFilter () {
        parent::beforeFilter(); 
        $this->Auth->allowedActions = array( 'confirmation');

        $this->Auth->fields = array(
            'username' => 'usr_username', 
            'password' => 'usr_password'
        );
        $this->Auth->userScope = array('User.usr_confirmed' => 1);

        if($this->action == 'signup') {  
            $this->Auth->authenticate = $this->User;  
        }
    }

function login () {
    if ( $this->Auth->user() ) {
        $this->redirect($this->Session->read('page'));
        exit();
    } 
}

function logout () {
    $this->Session->destroy('username');
    $this->redirect('/');
    exit();
}