you can add the security assist authenticate user server behavior to the confirm page, makes sure to set it up to set the same sessions that are set on the login page.
you may need to move the authenticate user code around in the page so that he login happens after the code that is updating the database.