diff --git a/lib/private/legacy/api.php b/lib/private/legacy/api.php
index 17ee9c5d46..894aee2856 100644
--- a/lib/private/legacy/api.php
+++ b/lib/private/legacy/api.php
@@ -332,25 +332,20 @@ class OC_API {
 		$userSession = \OC::$server->getUserSession();
 		$request = \OC::$server->getRequest();
 		try {
-			$loginSuccess = $userSession->tryTokenLogin($request);
-			if (!$loginSuccess) {
-				$loginSuccess = $userSession->tryBasicAuthLogin($request, \OC::$server->getBruteForceThrottler());
+			if ($userSession->tryTokenLogin($request)
+				|| $userSession->tryBasicAuthLogin($request, \OC::$server->getBruteForceThrottler())) {
+				self::$logoutRequired = true;
+			} else {
+				return false;
 			}
-		} catch (\OC\User\LoginException $e) {
-			return false;
-		}
-	
-		if ($loginSuccess === true) {
-			self::$logoutRequired = true;
-
 			// initialize the user's filesystem
 			\OC_Util::setupFS(\OC_User::getUser());
 			self::$isLoggedIn = true;
 
 			return \OC_User::getUser();
+		} catch (\OC\User\LoginException $e) {
+			return false;
 		}
-
-		return false;
 	}
 
 	/**
diff --git a/lib/private/legacy/user.php b/lib/private/legacy/user.php
index 621ea3535b..7e7cbab3bc 100644
--- a/lib/private/legacy/user.php
+++ b/lib/private/legacy/user.php
@@ -199,9 +199,10 @@ class OC_User {
 				if($setUidAsDisplayName) {
 					self::setDisplayName($uid);
 				}
-				self::getUserSession()->setLoginName($uid);
+				$userSession = self::getUserSession();
+				$userSession->setLoginName($uid);
 				$request = OC::$server->getRequest();
-				self::getUserSession()->createSessionToken($request, $uid, $uid);
+				$userSession->createSessionToken($request, $uid, $uid);
 				// setup the filesystem
 				OC_Util::setupFS($uid);
 				// first call the post_login hooks, the login-process needs to be