diff --git a/app/webroot/auth/login/login.php b/app/webroot/auth/login/login.php
index 7e0c18e4c..a53afe51d 100644
--- a/app/webroot/auth/login/login.php
+++ b/app/webroot/auth/login/login.php
@@ -42,8 +42,10 @@
 }
 
 $_SESSION['Auth']['external']['user'] = $_SERVER['REMOTE_USER'];
+$target = $_SESSION['Auth']['target'] ?? "/";
 
-$target = !empty($_SESSION['Auth']['target']) ? $_SESSION['Auth']['target'] : "/";
+$re = '/(.*)\/auth\/login\/login(?:.php)?(.*)/m';
+$subst = '$1' . $target . '$2';
+$path = preg_replace($re, $subst, urldecode($_SERVER['REQUEST_URI']), 1);
 
-// XXX fix hardcoded prefix?
-header("Location: /registry-pe" . $target);
+header("Location: " . $path);
diff --git a/app/webroot/auth/logout/logout.php b/app/webroot/auth/logout/logout.php
index f873e09ca..5b73df312 100644
--- a/app/webroot/auth/logout/logout.php
+++ b/app/webroot/auth/logout/logout.php
@@ -36,4 +36,8 @@
 
 unset($_SESSION['Auth']);
 
-header("Location: " . "/registry-pe");
+$re = '/(.*)\/auth\/logout\/logout(?:.php)?(.*)/m';
+$subst = '$1$2';
+$path = preg_replace($re, $subst, urldecode($_SERVER['REQUEST_URI']), 1);
+
+header("Location: " . $path);
\ No newline at end of file