diff --git a/pkg/middleware/auth.go b/pkg/middleware/auth.go
index 210ad993079..7ab6274bc4c 100644
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -64,9 +64,12 @@ func writeRedirectCookie(c *models.ReqContext) {
 		redirectTo = setting.AppSubUrl + c.Req.RequestURI
 	}
 
+	if redirectTo == "/" {
+		return
+	}
+
 	// remove any forceLogin=true params
 	redirectTo = removeForceLoginParams(redirectTo)
-
 	cookies.WriteCookie(c.Resp, "redirect_to", url.QueryEscape(redirectTo), 0, nil)
 }
 
diff --git a/pkg/services/accesscontrol/middleware.go b/pkg/services/accesscontrol/middleware.go
index db11d0c2038..c0d3868e266 100644
--- a/pkg/services/accesscontrol/middleware.go
+++ b/pkg/services/accesscontrol/middleware.go
@@ -84,6 +84,7 @@ func deny(c *models.ReqContext, evaluator Evaluator, err error) {
 
 	if !c.IsApiRequest() {
 		// TODO(emil): I'd like to show a message after this redirect, not sure how that can be done?
+		writeRedirectCookie(c)
 		c.Redirect(setting.AppSubUrl + "/")
 		return
 	}