Ok, that sounds ok for me, but when i get popped to the login-page, it should *not* occur that i have to login twice! And this is the fact which disturbs a bit. shouldn't the cookie be deleted or rewritten upon login to avoid that?
I can replicate that very simple: stay at any of the services-page, wait a time, then press "save": You get your first message and jump to the login-page. Then login and you'll get the second message and again jump to login. Then, after the second login you can do whatever you want to do.