Once users are logged in, they stay logged in for months on end. There isn’t really a use for the login page anymore other then to serve as an attack vector for cloudflare/casaURL/portForward installations.
There should be a yml config option to disable all new logins.