diff --git a/application/loginbasic.class.inc.php b/application/loginbasic.class.inc.php
index bdfae92cf9..06210cfa4e 100644
--- a/application/loginbasic.class.inc.php
+++ b/application/loginbasic.class.inc.php
@@ -62,8 +62,6 @@ class LoginBasic extends AbstractLoginFSMExtension
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
- // Save the checked user
- $_SESSION['auth_user'] = $sAuthUser;
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
@@ -72,7 +70,7 @@ class LoginBasic extends AbstractLoginFSMExtension
 {
 if (Session::Get('login_mode') == 'basic')
 {
- $sAuthUser = $_SESSION['auth_user'];
+ list($sAuthUser) = $this->GetAuthUserAndPassword();
 LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']);
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
diff --git a/application/loginexternal.class.inc.php b/application/loginexternal.class.inc.php
index 8bb6786b95..759b7482b6 100644
--- a/application/loginexternal.class.inc.php
+++ b/application/loginexternal.class.inc.php
@@ -45,8 +45,6 @@ class LoginExternal extends AbstractLoginFSMExtension
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
- // Save the checked user
- $_SESSION['auth_user'] = $sAuthUser;
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
@@ -55,7 +53,7 @@ class LoginExternal extends AbstractLoginFSMExtension
 {
 if (Session::Get('login_mode') == 'external')
 {
- $sAuthUser = $_SESSION['auth_user'];
+ $sAuthUser = $this->GetAuthUser();
 LoginWebPage::OnLoginSuccess($sAuthUser, 'external', $_SESSION['login_mode']);
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
diff --git a/application/loginform.class.inc.php b/application/loginform.class.inc.php
index 4a9e55bb83..f10b2263c8 100644
--- a/application/loginform.class.inc.php
+++ b/application/loginform.class.inc.php
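Review bot: In application/loginbasic.class.inc.php, the `OnLoginSuccess` call right after the changed line still reads `$_SESSION['login_mode']` directly, while the guard two lines above it uses `Session::Get('login_mode')`; the same mix appears in the matching hunks of loginexternal.class.inc.php and loginurl.class.inc.php. The LoginForm hunk already passes `Session::Get('login_mode')`, so the call here could read `LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));` (with `'external'` in LoginExternal), assuming the wrapper reads the same session store. A short comment above the new line, such as `// The user is re-read from the request; the credential check no longer saves it in the session`, would record why the identity does not come from `$_SESSION['auth_user']` any more. The enclosing method starts and ends outside the hunk.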
@@ -71,8 +71,6 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
- // Save the checked user
- $_SESSION['auth_user'] = $sAuthUser;
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
@@ -84,7 +82,15 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 {
 if (Session::Get('login_mode') == 'form')
 {
- $sAuthUser = $_SESSION['auth_user'];
+ if (isset($_SESSION['auth_user']))
+ {
+ // If FSM reenter this state (example 2FA) then the auth_user is not resubmitted
+ $sAuthUser = $_SESSION['auth_user'];
+ }
+ else
+ {
+ $sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
+ }
 // Store 'auth_user' in session for further use
 LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
 }
diff --git a/application/loginurl.class.inc.php b/application/loginurl.class.inc.php
index 253be936e4..2aab9bd223 100644
--- a/application/loginurl.class.inc.php
+++ b/application/loginurl.class.inc.php
@@ -60,8 +60,6 @@ class LoginURL extends AbstractLoginFSMExtension
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
- // Save the checked user
- $_SESSION['auth_user'] = $sAuthUser;
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
@@ -70,7 +68,7 @@ class LoginURL extends AbstractLoginFSMExtension
 {
 if (Session::Get('login_mode') == 'url')
 {
- $sAuthUser = $_SESSION['auth_user'];
+ $sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
 LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']);
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
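Review bot: In application/loginform.class.inc.php, the new `isset($_SESSION['auth_user'])` branch lets a value already held in the session take precedence over the `auth_user` posted with the current request, and nothing compares the two. The commit no longer writes that key in the credential check, so it is presumably set only by `OnLoginSuccess` (as the context comment suggests); a value left over from an earlier login in the same session would then be passed on in place of the user name that was just checked. Consider reading the posted value first, `$sPostedUser = utils::ReadPostedParam('auth_user', '', 'raw_data');`, and treating `$sPostedUser !== '' && $sPostedUser !== $_SESSION['auth_user']` as a mismatch to be rejected rather than silently resolved in favour of the session. The method's signature and its error path are outside the hunk, so how the mismatch is reported is left open.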
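Review bot: In application/loginurl.class.inc.php, the new `utils::ReadParam('auth_user', '', false, 'raw_data')` falls back to an empty string, and that value goes straight into `OnLoginSuccess` with no check. The LoginForm hunk notes that this state can be re-entered (its 2FA example) without `auth_user` being resubmitted; if URL mode can be re-entered the same way, the login would complete with an empty user name. A guard before the call, for example `if ($sAuthUser === '' && isset($_SESSION['auth_user'])) { $sAuthUser = $_SESSION['auth_user']; }`, or rejecting an empty value outright, would keep this class consistent with LoginForm. What `OnLoginSuccess` does with an empty name is not visible here, and the method's signature lies outside the hunk.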