Skip session authentication for backend modules

- This was causing errors accessing these modules with an existing session with 2fa enabled while anonymous calls were going through

src/App.php

@@ -631,7 +631,9 @@ class App
 				Model\Profile::openWebAuthInit($token);
 			}
 
-			$auth->withSession($this);
+			if (!$this->mode->isBackend()) {
+				$auth->withSession($this);
+			}
 
 			if (empty($_SESSION['authenticated'])) {
 				header('X-Account-Management-Status: none');