diff --git a/src/Application/Controller/Admin/d3totpadminlogin.php b/src/Application/Controller/Admin/d3totpadminlogin.php
index 1221279..f6a13f5 100644
--- a/src/Application/Controller/Admin/d3totpadminlogin.php
+++ b/src/Application/Controller/Admin/d3totpadminlogin.php
@@ -72,8 +72,8 @@ class d3totpadminlogin extends AdminController
 */
 protected function isTotpLoginNotPossible(): bool
 {
- return !$this->d3TotpGetSession()->hasVariable(d3totp_conf::OXID_ADMIN_AUTH) &&
- !$this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER);
+ $user = $this->d3TotpGetUserObject();
+ return !$user->d3TotpGetCurrentUser();
 }
 /**
@@ -82,10 +82,10 @@ class d3totpadminlogin extends AdminController
 */
 public function render(): string
 {
- if ($this->isTotpIsNotRequired()) {
- $this->d3TotpGetUtils()->redirect('index.php?cl=admin_start');
- } elseif ($this->isTotpLoginNotPossible()) {
- $this->d3TotpGetUtils()->redirect('index.php?cl=login');
+ if ($this->isTotpLoginNotPossible()) {
+ $this->d3TotpGetUtils()->redirect('index.php?cl=login', false);
+ } elseif ($this->isTotpIsNotRequired()) {
+ $this->d3TotpGetUtils()->redirect('index.php?cl=admin_start', false);
 }
 $this->addTplParam('selectedProfile', Registry::getRequest()->getRequestEscapedParameter('profile'));
diff --git a/src/Application/Controller/d3totplogin.php b/src/Application/Controller/d3totplogin.php
index 48c5762..9094f80 100644
--- a/src/Application/Controller/d3totplogin.php
+++ b/src/Application/Controller/d3totplogin.php
@@ -29,7 +29,7 @@ class d3totplogin extends FrontendController
 public function render()
 {
 if (!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)) {
- $this->getUtils()->redirect('index.php?cl=start');
+ $this->getUtils()->redirect('index.php?cl=start', false);
 }
 $this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp_conf::SESSION_NAVFORMPARAMS));
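Review bot: `!$user->d3TotpGetCurrentUser()` in isTotpLoginNotPossible() decides by PHP truthiness, so an empty string, `'0'` or `false` returned by the user object all count as "no login possible", and the contract of d3TotpGetCurrentUser() is not visible in this diff. The method now gates the admin TOTP form on that single call instead of the two session flags, so I would state the expectation in the docblock above it (which starts outside the hunk), for example `@return bool true when the user object reports no user id for the pending admin login`. Once the return type is confirmed, an explicit comparison would read more safely than the bare negation.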
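Review bot: The new order of the two branches in d3totpadminlogin::render() is the security-relevant part of this hunk, yet nothing in the code says so, and a later tidy-up could swap them back. I would add a comment above the `if`, for example `// without a pending login user go back to the login form first; only then may "TOTP not required" shortcut to admin_start`. The bare `false` passed to redirect() here, and likewise in d3totplogin::render(), d3_totp_utils and totpSystemEventHandler, also deserves a word; as far as I know it is the flag that controls appending the redirect marker parameter. render() continues past the end of the hunk, and whether the template code below runs after a redirect depends on redirect() ending the request, which is not visible here.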
diff --git a/src/Modules/Core/d3_totp_utils.php b/src/Modules/Core/d3_totp_utils.php
index 88434a3..0232eb6 100644
--- a/src/Modules/Core/d3_totp_utils.php
+++ b/src/Modules/Core/d3_totp_utils.php
@@ -51,7 +51,7 @@ class d3_totp_utils extends d3_totp_utils_parent
 //staten der prüfung vom einmalpasswort
 if ($blAuth && $totp->isActive() && false === $totpAuth) {
- $this->redirect('index.php?cl=d3totpadminlogin');
+ $this->redirect('index.php?cl=d3totpadminlogin', false);
 }
 return $blAuth;
diff --git a/src/Modules/Core/totpSystemEventHandler.php b/src/Modules/Core/totpSystemEventHandler.php
index ba900fb..9da09f4 100644
--- a/src/Modules/Core/totpSystemEventHandler.php
+++ b/src/Modules/Core/totpSystemEventHandler.php
@@ -51,7 +51,8 @@ class totpSystemEventHandler extends totpSystemEventHandler_parent
 $this->getUtilsObject()->redirect(
 'index.php?cl=d3totpadminlogin&'.
 'profile='.$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_PROFILE).'&'.
- 'chlanguage='.$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_CHLANGUAGE)
+ 'chlanguage='.$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_CHLANGUAGE),
+ false
 );
 }
 }
diff --git a/src/tests/unit/Application/Controller/Admin/d3totpadminloginTest.php b/src/tests/unit/Application/Controller/Admin/d3totpadminloginTest.php
index 8fe1cd2..5894d81 100644
--- a/src/tests/unit/Application/Controller/Admin/d3totpadminloginTest.php
+++ b/src/tests/unit/Application/Controller/Admin/d3totpadminloginTest.php
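Review bot: In d3_totp_utils the branch that catches an admin session with an unverified TOTP still falls through to `return $blAuth;`, which is true at that point, so the check only denies access as long as redirect() never returns. Adding `return false;` directly after the redirect call would make it fail closed, for instance when the utils object is replaced by a mock or a subclass that does not exit. The enclosing method starts outside the hunk, so how `$totpAuth` is derived is not visible here.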
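Review bot: In totpSystemEventHandler the redirect target is still built by plain concatenation of two session values, `profile` and `chlanguage`, with no URL encoding, on the lines this hunk touches. Where these values are written to the session is not visible here, but the constant names suggest the admin login form; if either can carry `&`, `#` or line breaks, the query string of the redirect changes shape. Wrapping each value in `rawurlencode()`, or building the query with `http_build_query(['cl' => 'd3totpadminlogin', 'profile' => $profile, 'chlanguage' => $chlanguage])`, keeps the parameters intact. The enclosing method starts outside the hunk.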
@@ -160,35 +160,26 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
 /**
 * @test
- * @param $hasAdminAuth
- * @param $hasCurrentUser
+ * @param $userId
 * @param $expected
 * @return void
 * @throws ReflectionException
 * @covers \D3\Totp\Application\Controller\Admin\d3totpadminlogin::isTotpLoginNotPossible
 * @dataProvider isTotpLoginNotPossiblePassedDataProvider
 */
- public function isTotpLoginNotPossiblePassed($hasAdminAuth, $hasCurrentUser, $expected)
+ public function isTotpLoginNotPossiblePassed($userId, $expected)
 {
- /** @var Session|MockObject $oSessionMock */
- $oSessionMock = $this->getMockBuilder(Session::class)
- ->onlyMethods([
- 'hasVariable',
- ])
+ /** @var d3_totp_user|MockObject $oUserMock */
+ $oUserMock = $this->getMockBuilder(User::class)
+ ->onlyMethods(['d3TotpGetCurrentUser'])
 ->getMock();
- $hasVariableMap = [
- [d3totp_conf::OXID_ADMIN_AUTH, $hasAdminAuth],
- [d3totp_conf::SESSION_ADMIN_CURRENTUSER, $hasCurrentUser],
- ];
- $oSessionMock->method('hasVariable')->willReturnMap($hasVariableMap);
+ $oUserMock->method('d3TotpGetCurrentUser')->willReturn($userId);
 /** @var d3totpadminlogin|MockObject $oControllerMock */
 $oControllerMock = $this->getMockBuilder(d3totpadminlogin::class)
- ->onlyMethods([
- 'd3TotpGetSession',
- ])
+ ->onlyMethods(['d3TotpGetUserObject'])
 ->getMock();
- $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
+ $oControllerMock->method('d3TotpGetUserObject')->willReturn($oUserMock);
 $this->_oController = $oControllerMock;
@@ -207,19 +198,22 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
 public function isTotpLoginNotPossiblePassedDataProvider(): array
 {
 return [
- 'no admin auth, no user' => [false, false, true],
- 'has admin auth' => [true, false, false],
- 'has current user' => [false, true, false],
+ 'no user' => [null, true],
+ 'has user' => ['userId', false],
 ];
 }
 /**
 * @test
+ * @param $totpNotRequired
+ * @param $totpNotPossible
+ * @param $redirect
+ * @return void
 * @throws ReflectionException
 * @covers \D3\Totp\Application\Controller\Admin\d3totpadminlogin::render
 * @dataProvider canRenderDataProvider
 */
- public function canRender($totpRequired, $totpNotPossible, $redirect)
+ public function canRender($totpNotRequired, $totpNotPossible, $redirect)
 {
 /** @var Utils|MockObject $oUtilsMock */
 $oUtilsMock = $this->getMockBuilder(Utils::class)
@@ -247,7 +241,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
 'd3GetLoginController',
 ])
 ->getMock();
- $oControllerMock->method('isTotpIsNotRequired')->willReturn($totpRequired);
+ $oControllerMock->method('isTotpIsNotRequired')->willReturn($totpNotRequired);
 $oControllerMock->method('isTotpLoginNotPossible')->willReturn($totpNotPossible);
 $oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock);
 $oControllerMock->method('d3GetLoginController')->willReturn($loginControllerMock);
@@ -266,7 +260,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
 public function canRenderDataProvider(): array
 {
 return [
- 'not required' => [true, true, 'admin_start'],
+ 'not required' => [true, false, 'admin_start'],
 'not possible' => [false, true, 'login'],
 'do auth' => [false, false, null],
 ];
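Review bot: isTotpLoginNotPossiblePassedDataProvider() now covers only `null` and a non-empty id, while the method under test negates the value by truthiness. A case such as `'empty user id' => ['', true],` would pin how a falsy but non-null return is treated, so a later switch to a strict null check cannot change the gate unnoticed. What d3TotpGetCurrentUser() actually returns for a missing user is not visible in this diff, so the expected value should be confirmed against it.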
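Review bot: In canRenderDataProvider() the case with both flags true was rewritten to `[true, false, 'admin_start']` rather than kept with its new outcome, so no dataset pins the branch order that this commit changes in render(). Because both predicates are mocked independently, adding `'not possible wins over not required' => [true, true, 'login'],` would fail if the two branches were ever swapped back. The test method body that consumes the provider lies outside this hunk.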