We have this option set to 'YES':
Forbid frontend Super Administrator login
But when we are logged in in the backend as super admin and we go to the frontend of the sit we are logged in as super user. Even without login in. It seems like the backend and frontend logins (sessions) are shared?
Should this happen? I believe this is new behavior for our sites. I have not seen this happen before. Not sure what changes (updates) might have caused this...
Any thoughts?