Ref T6870. Since it does not make sense to redirect the user to the login form after they log in, we try not to set the login form as the next cookie.
However, the current check is hard-coded to /auth/start/, and the form can also be served at /login/. This has no real effect on normal users, but did make debugging T6870 confusing.
Instead of using a hard-coded path check, test if the controller was delegated to. If it was, store the URI. If it's handling the request without delegation, don't.