verifyBackEnd true and forceBackEnd true doesn't seem to be working

[bartdigitalpulse]

I set up forced verification in the config.
When I login I get redirected to the force page:
index.php/admin/actions/two-factor-authentication/settings/force

When I try to submit this page I get a crsf token error. It seems that when the force page loads I'm already logged out again. So the session is different. If I wait a while the admin login popup will appear. When I login using this popup then it will work.
Seems like the session is getting lost in the redirect.

The actionForce() method expects a user in TwoFactorAuth::$plugin->verify->isVerified($user). Anymous not allowed in the controller so this fails.

I suspect it goes wrong somewhere in the userLoginEventHandler() but it's difficult to debug.

config:
'verifyBackEnd' => true,
'forceBackEnd' => true,

Craft version: Craft Pro 4.12.3
Two-Factor Authentication version: 3.4.0

[bartdigitalpulse]

My colleague figured this one out. It's because the debug bar was enabled. I you turn it off it works. So if anyone is running into this problem just turn off the debug bar. Update in the database in the userpreferences table as you can't login.

Somehow it messes with the csrf token generation / validation.