Do you have something like
$this->Authentication->allowUnauthenticated(['login']);
in your Users controller, which allows using the login page without being logged in?
Do you have something like
$this->Authentication->allowUnauthenticated(['login']);
in your Users controller, which allows using the login page without being logged in?