to get it to work, i changed the login link to:
<a href="login.php?accesscheck=/request-detail-<?php echo(isset($_GET['id'])?$_GET['id']:"");?>">log in</a>
on the login page i moved the code to set the session so it was just before the login behavior, for some reason it wasn't working at line 1.
WA_FAIL_login is the correct session name. the idea is this:
the WA_FAIL_login session is created when you access a restricted page. it is based on the name of the authentication object that you set
$Authenticate->Name = "login";
So by using the access check URL variable to set the WA_FAIL_login, it makes the system think you tried to access that page before losing in, so it will redirect there.