User logged out when clicking on setpassword link in emails with newly created accounts.

[angrybrad]

Description

When a new user gets the activate your account email with the setpassword link in it, they can sometimes double-click on the hyperlink.

The first click silently activates the account and the second click tries to validate immediately after and an error is thrown, sending folks off to the activateAccountFailurePath config setting and leading to lots of end user confusion.

This happens because UsersController::_processTokenRequest() (which is used by both actionSetPassword and actionVerifyPassword), will immediately check to see if there is a logged in user and if so, log them out first.

Similar to #1421

Steps to reproduce

1. Register a new user.
2. Double click the hyperlink in the email.

Additional info

• Craft version: 2.x and 3.x
• PHP version: n/a
• Database driver & version: n/a
• Plugins & versions: n/a