hi marcan.
I'm sorry that my answer is too late.
I know the redirection is not so convinience.
If there are no CSRF vulnerable code in core and modules, the 4 lines should be commeted-out.
But I have to say the core of 2.0.9.2 is not secure enough against CSRF attack.
But!
I'm glad to hear core team adopt token system in 2.0.10 and after.
Thus, the redirection will be eliminated in autologin-hack for 2.0.10 and after