CI4 VALIDATION BUG

routes.php

<?php
// Sample1
$routes->get('/getform1', 'Users::getform1');
// Sample2
$routes->get('/getform2', 'Users::getform2');
// HELPER POST
$routes->post('/postform', 'Users::postform');

simpleForm.php

<?php
$validation = \Config\Services::validation();
?>
<h2> CI Validation bug or feature?</h2>
<hr>
<a href="/getform1">Sample1 </a>
||
<a href="/getform2">Sample2 </a>
<hr>
<form action="/postform" method="post">

    <?= csrf_field() ?>

    <label for="title">User</label>

    <input type="input" name="user" value=""/> Leave empty so it fails<br />
    <?=($validation->hasError('user') ? $validation->showError('user') : ''); ?>
    <br />
    <label for="title">Id</label>
    <input type="input" name="id" value="<?=esc($id, 'attr');?>"/><br />
    <?=($validation->hasError('id') ? $validation->showError('id') : ''); ?><br />
    <input type="submit" name="submit" value="Send invalid form!" />

</form>

Users.php

<?php
namespace App\Controllers;

use CodeIgniter\Controller;
use Config\Services;

class Users extends Controller
{

    public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
    {
        parent::initController($request, $response, $logger);
        session();
    }

    // sample 1
    public function getform1()
    {
        // harcoded valid REQUEST GET param 'id' to be validated.
        // You can remove it and send it in the request. like /getform?id=34 to be validated.
        $_REQUEST['id'] = 8;

        $validationRules = [
            'id' => 'required|is_natural',
        ];

        // Should always pass. (Nope)
        // Any use of the .run method after the redirect will trigger the problem
        if (!$this->validate($validationRules)) {
            // this will fail the validation after the redirect back from postForm;
            return $this->response
                ->setStatusCode(404)
                ->setBody('VALIDATION FAILED! <br> WHY WE HERE? VALIDATED DATA WAS GOOD!. ID (/getform1) = ' . esc($_REQUEST['id']));
        }

        return view('simpleForm', ['id' => $_REQUEST['id']]);
    }

    // sample 2
    public function getform2()
    {
        // Lets validate a random array now, nothing to do with the request data. With a "different" validation instance, also with a reset() call. It fails.
        $data = [
            'id' => 4
        ];
        $validationRules = [
            'id' => 'required|is_natural',
        ];

        // Should always pass. (Nope)
        // Any use of the .run method after the redirect will trigger the problem
        $validation =  Services::validation(null, false); // so its not even shared
        $validation->reset(); // does not matter, is not clearing $SESSION obviously, and it should not do that.
        if(!$validation->setRules($validationRules)->run($data)){
            // this will fail the validation after the redirect back from postForm;
            return $this->response
                ->setStatusCode(404)
                ->setBody('VALIDATION FAILED! <br> WHY WE HERE? VALIDATED DATA WAS GOOD!. DATA ID (/getform2) = ' . esc($data['id']));
        }
        return view('simpleForm', $data);
    }

    public function postform()
    {
        // dummy post for setting the validation error in the session. We need to make it fail.
        $validationRules = [
            'id' => 'required|is_natural_no_zero',
            'user' => 'required|min_length[5]', // so we can send an empty user and make it fail
        ];
        if (!$this->validate($validationRules)) {
            // Session storing the errors, redirect back.
            return redirect()->back()->withInput();
        }
        return $this->response
            ->setStatusCode(200)
            ->setBody('Well done!, but ... submit a invalid form to reproduce the bug! :P');
    }
}