cakephp 2.0 auth problems

gistfile1.aw

<?
// i login successfully with if($this->Auth->login()) but as soon as I call $this->redirect($this->Auth->redirect()); 
// it boots me back to the login screen.
public function beforeFilter()
{
    
    //Deny access to everything by default, let isAuthorized decide to let them in
    $this->Auth->deny("*");

    // Set up auth error messages here, where they can actually be translated
    $this->Auth->userScope = array('Staff.active' => 1);
    $this->Auth->autoRedirect = false; // We'll take care of redirecting, we need to check for expiry first.
    $this->Auth->loginError = __('Your username or password was incorrect');
    $this->Auth->loginAction = '/login';
    $this->Auth->loginRedirect = array('controller' => 'dashboard', 'action' => 'index');
    $this->Auth->authError = 'do-not-show';
    $this->Auth->flashElement = 'error';
    $this->Auth->loginAction = array(
        'controller' => 'staff',
        'action' => 'login',
        'plugin' => false,
        'admin' => false
    );
    $this->Auth->authenticate = array(
        'all' => array('userModel' => 'Staff'),
        'Form' => array(
            'fields' => array(
                'username'=>'username',
                'password'=>'password'
            )
        )
    );
    $this->Auth->authorize = array(
        'Controller'
    );
    $this->Auth->userScope = array(
        'Staff.active' => 1
    );

    // Allow access to any ajax request actions, this merges in anything called
    // using Auth->allow('something', 'another');
    $act = $this->params['action'];
    if(strstr($act, 'ajax_') !== false || strstr($act, 'api_') !== false)
    {
        $this->Auth->allowedActions = array($act);
    }

    // Add a user helper object to the view so that we can use it to decide what parts to show
    $TFUser = $this->Auth->user();

    $this->TFUser = $TFUser;

    // Set it to the view
    $this->set(compact('TFUser'));

}

function isAuthorized()
{
   // why is this never called?
}
?>