Don't use the "Log in success" access rule on that page. That rule only works on the login page itself if you want to show a message rather than redirecting. You should have a rule like: "logged in to Users" or something to that effect that you can use on the restricted pages.