diff --git a/Controllers/CookieProxyController.cs b/Controllers/CookieProxyController.cs
index df211c5..4ae86e3 100644
--- a/Controllers/CookieProxyController.cs
+++ b/Controllers/CookieProxyController.cs
@@ -17,10 +17,18 @@ public class CookieProxyController : Controller {
 var dstDomain = AuthHelpers.GetRootDomain(tgt);
- if (!Request.Cookies.ContainsKey("authelia_session") || string.IsNullOrWhiteSpace(tgt) || !Vars.PermittedDomains.Contains(dstDomain)) {
+ if (string.IsNullOrWhiteSpace(tgt) || !Vars.PermittedDomains.Contains(dstDomain)) {
 return BadRequest("Bad request.");
 }
+ if (!Request.Cookies.ContainsKey("authelia_session")) {
+ // tgt is urlencoded twice because authelia decodes it by one layer
+ var authUrl =
+ $"https://{Vars.AutheliaSubdomain}.{Vars.UpstreamPrimaryDomain}/?rd=https%3A%2F%2F{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}%2Fapi%2Fcookieproxy_stage_one%3Ftgt%3D{HttpUtility.UrlEncode(HttpUtility.UrlEncode(tgt))}";
+ Response.Redirect(authUrl);
+ return Content($"Redirecting... Click here if you are not redirected automatically", "text/html");
+ }
+ var targetUrl = $"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_two?tgt={HttpUtility.UrlEncode(tgt)}";
 return Content($"Redirecting to cookie proxy (stage two) on the destination domain...
if you are not redirected automatically
",
diff --git a/Controllers/RedirectController.cs b/Controllers/RedirectController.cs
index 14f7f26..9e83359 100644
--- a/Controllers/RedirectController.cs
+++ b/Controllers/RedirectController.cs
@@ -21,7 +21,7 @@ public class RedirectController : Controller {
 // tgt is urlencoded twice because authelia decodes it by one layer
 var targetUrl =
- $"https://{Vars.AutheliaSubdomain}.{Vars.UpstreamPrimaryDomain}/?rd=https%3A%2F%2F{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}%2Fapi%2Fcookieproxy_stage_one%3FdstDomain%3D{dstDomain}%26tgt%3D{HttpUtility.UrlEncode(HttpUtility.UrlEncode(tgt))}";
+ $"https://https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_one?tgt={HttpUtility.UrlEncode(HttpUtility.UrlEncode(tgt))}";
 Response.Redirect(targetUrl);
 return Content($"Redirecting... Click here if you are not redirected automatically", "text/html");
 }
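Review bot: The new branch in CookieProxyController.cs tests only that a cookie named `authelia_session` is present (`Request.Cookies.ContainsKey(...)`), so an expired or arbitrary value skips the Authelia redirect and continues to the stage-two hand-off. Nothing visible in this hunk validates the session value, so the code should say where that happens, for example `// presence check only: the session value is validated by <component>, not here`, or stage one should verify the session with Authelia before building `targetUrl`. Separately, `AuthHelpers.GetRootDomain(tgt)` in the context line runs before the `string.IsNullOrWhiteSpace(tgt)` guard; moving the guard first would keep an empty `tgt` from reaching the helper. The action method starts and ends outside the hunk.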
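Review bot: The added URL in RedirectController.cs starts with `https://https://`, so the redirect target no longer parses to the auth-proxy host and the stage-one hand-off will fail; the scheme should appear once. The redirect now goes straight to stage one instead of through Authelia, so the double `UrlEncode` and the context comment explaining it look stale: stage one would presumably receive `tgt` still encoded once and run its `GetRootDomain` / `PermittedDomains` check on the encoded string, which should be confirmed. A corrected line would be `$"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_one?tgt={HttpUtility.UrlEncode(tgt)}";`. `dstDomain` is interpolated into the host position and the method begins outside the hunk, so also check that it is validated against `Vars.PermittedDomains` before this line.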