Strange, indeed. The return-redirect reloads the page (i.e. issues a fresh request). If the script tag with the .js file link appears after the login in the head, then it looks like a problem in the browser to me. I have just tried the sequence with a tiny .js file with one alert(), and it seems to work well.
I remember some strange behavior with .js caching, but that's already some time back.
