diff --git a/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee b/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
index 4b88e1914b..b6b65cc7a7 100644
--- a/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
+++ b/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
@@ -52,6 +52,7 @@ module.exports = TokenAccessController =
 else
 logger.log {token, projectId: project._id},
 "[TokenAccess] deny anonymous read-and-write token access"
+AuthenticationController._setRedirectInSession(req)
 return res.redirect('/restricted')
 if project.owner_ref.toString() == userId
 logger.log {userId, projectId: project._id},
diff --git a/services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee b/services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee
index 9695f5f428..747822b896 100644
--- a/services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee
@@ -48,6 +48,7 @@ describe "TokenAccessController", ->
 @TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
 .callsArgWith(2, null)
 @ProjectController.loadEditor = sinon.stub()
+@AuthenticationController._setRedirectInSession = sinon.stub()
 @TokenAccessController.readAndWriteToken @req, @res, @next
 
 it 'should try to find a project with this token', (done) ->
@@ -159,6 +160,7 @@ describe "TokenAccessController", ->
 .callsArgWith(2, null)
 @ProjectController.loadEditor = sinon.stub()
 @TokenAccessHandler.grantSessionTokenAccess = sinon.stub()
+@AuthenticationController._setRedirectInSession = sinon.stub()
 @TokenAccessController.readAndWriteToken @req, @res, @next
 
 it 'should not add the user to the project with read-write access', (done) ->
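Review bot: The added line calls `AuthenticationController._setRedirectInSession(req)` from a different controller, so an underscore-prefixed "private" helper has effectively become cross-module API; expose it without the underscore (or add a public wrapper in AuthenticationController) rather than reaching in by its private name. Its body is not in this diff, so I cannot confirm what it stores; before relying on it here, check that the saved target is derived from the request's own path (`req.path`/`req.originalUrl`) and never from a caller-controlled header or query parameter, because a stored target that is later handed to `res.redirect` after login is an open-redirect sink. The context line just above also logs the read-and-write `token` itself alongside the denial; that token is a write-granting secret, so logging only `projectId` (or a truncated/hashed token) would be safer. The enclosing callback and its handler (presumably `readAndWriteToken`, per the tests) start and end outside the hunk.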
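Review bot: The `_setRedirectInSession` stub added to this `beforeEach` is never asserted on, so nothing pins down that the success path (this block stubs `addReadAndWriteUserToProject` and `loadEditor`, so it appears to be the authenticated case) leaves the session's redirect target alone. Without that, a future change that records a redirect for every request would pass this suite and quietly pollute the session of logged-in users. Add a negative test beside the existing ones: `it 'should not set redirect in session', (done) ->` / `expect(@AuthenticationController._setRedirectInSession.callCount).to.equal 0` / `done()`. The `describe` this `beforeEach` belongs to starts outside the hunk.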
@@ -176,6 +178,11 @@ describe "TokenAccessController", ->
 expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
 done()
 
+it 'should set redirect in session', (done) ->
+expect(@AuthenticationController._setRedirectInSession.callCount).to.equal 1
+expect(@AuthenticationController._setRedirectInSession.calledWith(@req)).to.equal true
+done()
+
 it 'should redirect to restricted page', (done) ->
 expect(@res.redirect.callCount).to.equal 1
 expect(@res.redirect.calledWith('/restricted')).to.equal true
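Review bot: The new 'should set redirect in session' test checks that the stub was called with `@req` but not that it ran before the response was sent, yet that ordering is the point of the change — session state written after `res.redirect` may not be persisted, depending on the session middleware. Add `expect(@AuthenticationController._setRedirectInSession.calledBefore(@res.redirect)).to.equal true` alongside the existing assertions. `calledWith(@req)` also matches if extra arguments are passed; `calledWithExactly(@req)` pins the call shape more tightly. Taking `done` for purely synchronous expectations follows the file's existing style, so I would leave that as is.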