When you register, after double opt-in, you succesfully log in, but you are not able to see protected pages.

To replicate:
1) go to http://demopublic.magnolia-cms.com
2) register (http://demopublic.magnolia-cms.com/demo-project/members-area/registration.html)
3) click email link to activate your user
4) login

HERE you see the issue: you stay logged in (your name is prompted by PUR login form component, with LOGOUT button) but page "Protected" is not accessible.

The problem seems to be the roles assigned to the new user: anonymous + public-user-registration-base

• role "anonymous" should be removed, since it contains a DENY rule (the one managed by security callback..)
• role "public-user-registration-base" is already included in group "demo-project-members", so it is redundant.

In my tests removing both the roles fixed the login procedure.
M.