The server can't "direct" a page into a specific frame.
Your browser asks for a page, and the "target" of that request is an instruction to the browser, not the server.
So when you get an auto-login window that window appears in whatever frame "failed".
While you can't really stop that, you can change what happens _after_ after the person logs in. So what I usually do if I'm using frames* is override the "chaining" and set the login Save URL to the "Frameset page" and the target to '_top'.
* - I've moved away from frames somewhat, mostly because the "popup" metaphor makes them somewhat redundant. It turns out this is remarkably easy to do. All you're really doing is creating a new "main page", moving the menu to a generic header and setting a global header (and possibly footer) tag, the other pages pretty much stay "as is".
cheers
Bruce